Date: Thu, 17 Nov 2016 16:56:06 +0000
From: John Haxby <john.haxby@...cle.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2016-4484: - Cryptsetup Initrd root Shell

On 17/11/16 16:39, Jason Cooper wrote:
> However, the golden rule still applies.  Physical access trumps all
> defensive measures.  The absolute best you can do is detect that
> physical access occurred.  From there, you're hoping there are no
> hardware implants or other devices outside the scope of software
> security.

I agree.  However, it ought to be harder than leaning on the enter
key to break into a system.  You lock your doors even though it doesn't
stop a determined burglar?

(I note that if you set a grub password at installation time on Fedora
you also get rd.shell=0 which stops this particular attack dead.)

jch
