Linux security...mindboggling flaw

jercra · Dec 21, 2015

Couperin47 said:
Not meant as an attack, this just proves that even after years of open-source scrutiny, huge flaws can hide in plain sight:

http://www.zdnet.com/article/how-to-hack-any-linux-machine-just-using-backspace/?tag=nl.e539&s_cid=e539&ttag=e539&ftag=TRE17cfd61

essentially, you can bypass the password required to boot most Linux distros: when asked for a username...hit backspace 28 times you get the Grub rescue shell which gives you full admin priviledges to load custom kernels, download or erase data, install rootkits...do all sorts of mischief.

Ok, but you have to be in front of the machine or at least have serial access. It's not a particularly big exposure.

crystalline · Dec 21, 2015

Heartbleed is a better example of a serious bug in open source software that was not caught for quite a while

Blacken · Dec 21, 2015

Oh, so another way that, if you have physical access to a machine, that you can compromise it? Well, color me shocked. (Shocked is, I think, aubergine.)

I suppose I shouldn't tell our local might-be-a-Markov-chain that I can pull a disk and read it, too. Unless the local disks are encrypted, of course, which--wait for it--renders this bug harmless.

Couperin47 said:
Not meant as an attack

Sure it wasn't, fanboy.

teddykgb · Dec 21, 2015

The power of open source is less in the increased scrutiny and more in which the speed of patches for things like this can be developed. The distros all patched this same day and a separate patch anyone could run was also released. Microsoft or Apple would have taken much longer to fix.

SumnerH · Dec 21, 2015

Couperin47 said:
You're so predictable....

He's also right. If you have physical access to the machine and it isn't using encrypted drives, you have no security. With any OS. That's been known for decades.

Myt1 · Dec 21, 2015

Wait, does this sort of shit talking happen in this subforum all the time? How do I subscribe to updates?

crystalline · Dec 21, 2015

Myt1 said:
Wait, does this sort of shit talking happen in this subforum all the time? How do I subscribe to updates?

Fewer big words here though.

Re trash talking and security and the big desktop OS-- no matter what security problems other OS's have, at least they didn't create an antivirus industry through terrible security practices, then choose to keep that industry alive instead of implementing real security.

I think of all the time Windows people have wasted on dealing with antivirus software over the past 15 years and weep. Especially when I need to set up a Windows machine... Blergh

Time to Mo Vaughn · Dec 22, 2015

Couperin47 said:
From the point of view of a user, there's rather a qualitative difference in security breach if:
A. A computer is hacked and unencrypted files are quickly copied with no obvious evidence that the data has been compromised.
B. A computer is disassembled and drives are stolen or copied, which requires an order of magnitude more time and may or may not be evident or
C. The computer or it's drives are simply stolen and the breach is completely obvious

Booting off of a LiveCD or Thumb Drive really takes an order of magnitude more time than scenario A?

SumnerH · Dec 22, 2015

Couperin47 said:
From the point of view of a user, there's rather a qualitative difference in security breach if:
A. A computer is hacked and unencrypted files are quickly copied with no obvious evidence that the data has been compromised.
B. A computer is disassembled and drives are stolen or copied, which requires an order of magnitude more time and may or may not be evident or
C. The computer or it's drives are simply stolen and the breach is completely obvious

Physical access doesn't mean you need to pull the drive. There are a zillion ways to compromise the system without cracking it open.

Most boot loaders let you go into single user mode (e.g. in LILO you'd hold down the shift key during boot, and type "linux single" at the prompt--or whatever the image name was in place of "linux"; in GRUB on almost all systems you just hit "e" to edit the command line and add "single" at the end of it). If the boot loader is password protected, you boot from a rescue disk or USB stick.

The principles are the same on the Mac and Windows, though the details vary obviously.

This bug affects passwords in the GRUB password-protection system. Which is a feature I've never actually seen anyone in the real world enable, because it's largely pointless--disk encryption is necessary for actual security, anyway (it's not used out of the box on Ubuntu, Debian, Red Hat, Fedora, SUSE, etc).

Blacken · Dec 22, 2015

And this is why Sumner will not be the first against the wall when the revolution comes.

Dernells Casket n Flagon said:
Booting off of a LiveCD or Thumb Drive really takes an order of magnitude more time than scenario A?

And you won't, either.

I can be at a root console, chrooted into your local file system, faster than I can boot up your actual install of RedHat or Ubuntu or whatever, through the use of a thumb drive. But, see, GRUB being able to let J. Random Attacker pick which of your installed kernels to launch is srs bsns.

Search

Search

Linux security...mindboggling flaw

Couperin47

Member

jercra

No longer respects DeChambeau

crystalline

Member

Blacken

Robespierre in a Cape

Couperin47

Member

teddykgb

Member

SumnerH

Malt Liquor Picker

Myt1

educated, civility-loving ass

crystalline

Member

Couperin47

Member

Time to Mo Vaughn

RIP Dernell

SumnerH

Malt Liquor Picker

Blacken

Robespierre in a Cape