@plumbercraic@lemmy.sdf.org to linuxmemes@lemmy.world • 4 months agoExe in a bottlelemmy.sdf.orgimagemessage-square61fedilinkarrow-up11.07Karrow-down10
arrow-up11.07Karrow-down1imageExe in a bottlelemmy.sdf.org@plumbercraic@lemmy.sdf.org to linuxmemes@lemmy.world • 4 months agomessage-square61fedilink
minus-square@Zacryon@feddit.orglinkfedilink20•4 months agoRemember that time, when it was possible for about 6 years to hack into any Linux system (without drive encryption) which had GRUB by pressing backspace exactly 28 times? Yeah, good old times. https://www.hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html
minus-square@FiskFisk33@startrek.websitelinkfedilink16•4 months agoIf the adversary has physical access you are generally pwned either way
minus-square@kattfisk@lemmy.dbzer0.comlinkfedilink9•4 months agoThat’s hyperbole. Such a system can be “hacked” by simply plugging in a usb-stick and booting from that instead, or dozens of other ways. The only reason to use GRUB authentication I can think of would be in something like a kiosk.
minus-square@Varcour@lemm.eelinkfedilinkEnglish5•4 months agoDoes anyone here use GRUB authentication? If so why? What’s your threat model?
Remember that time, when it was possible for about 6 years to hack into any Linux system (without drive encryption) which had GRUB by pressing backspace exactly 28 times? Yeah, good old times.
https://www.hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html
If the adversary has physical access you are generally pwned either way
That’s hyperbole. Such a system can be “hacked” by simply plugging in a usb-stick and booting from that instead, or dozens of other ways.
The only reason to use GRUB authentication I can think of would be in something like a kiosk.
Does anyone here use GRUB authentication? If so why? What’s your threat model?