[Support-team] Cryptsetup Vulnerability Grants Root Shell Access on Some Linux Systems
Nat Meysenburg
nat at stealthisemail.com
Wed Nov 16 17:13:04 EST 2016
Daniel Kahn Gillmor <dkg at fifthhorseman.net> writes:
> If anyone wants to have a discussion about steps we could take in that
> direction, i'm all ears. But an attacker with console access and
> physical access already has quite a bit of potential control over the
> machine. That's why we limit console access and physical access :)
I don't have much to add, other than the observation that Grub2 supports
encryption[0], so unencrypted /boot partitions is actually a thing we can
move away from. My understanding of this vulnerability is that the
attacker gets dropped into a root shell with access to /boot—and
encrypting boot would insulate us from that. Mind you, I have never
tried this approach, but I know folks who have.
~~Nat
[0] http://www.pavelkogan.com/2014/05/23/luks-full-disk-encryption/
https://askubuntu.com/questions/729673/ubuntu-full-disk-encryption-with-encrypted-boot
http://dustymabe.com/2015/07/06/encrypting-more-boot-joins-the-party/
https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 818 bytes
Desc: not available
URL: <http://lists.mayfirst.org/pipermail/support-team/attachments/20161116/a6ed8952/attachment.sig>
More information about the Support-team
mailing list