Date: Wed, 16 Nov 2016 16:11:57 +0000 From: John Haxby <john.haxby@...cle.com> To: oss-security@...ts.openwall.com Subject: Re: CVE-2016-4484: - Cryptsetup Initrd root Shell On 16/11/16 15:55, Jason Cooper wrote: > How does this differ from an attacker setting 'init=/bin/sh' on the > kernel command line? Or, booting from attacker provided media? Or, in > OS X, booting in single user mode? > > Your Discussion section at the end mentions facilities (GRUB passwords, > BIOS passwords, etc) for preventing this "Developer friendliness". How > do you envision the installer enabling these while providing a failsafe > that an attacker can't exploit? If you set a grub password then the attacker cannot set init=/bin/sh on the kernel command line without knowing the grub password. However, when the boot process prompts you for the encrypted volume password you can just hit enter until you eventually get a shell prompt. Of course, the attacker needs to be able to see the console where the password is typed in ... jch
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ