Re: grub2 security problem

2015-12-20 Thread Pascal Hambourg
David Christensen a écrit : > > A good defense against an attacker with physical access is LUKS > encryption on all partitions except /boot. Ecryption alone does not protect agains attack scenarios involving /boot tampering.

Re: grub2 security problem

2015-12-20 Thread Gene Heskett
On Sunday 20 December 2015 09:51:04 to...@tuxteam.de wrote: > On Sun, Dec 20, 2015 at 04:08:30PM +0100, Anders Andersson wrote: > > On Sun, Dec 20, 2015 at 5:00 AM, David Christensen > > > > wrote: > > > Another, additional, option is self-encrypting drives (SED), which > > > are operating system

Re: grub2 security problem

2015-12-20 Thread tomas
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sun, Dec 20, 2015 at 04:08:30PM +0100, Anders Andersson wrote: > On Sun, Dec 20, 2015 at 5:00 AM, David Christensen > wrote: > > > > Another, additional, option is self-encrypting drives (SED), which are > > operating system agnostic and protect th

Re: grub2 security problem

2015-12-20 Thread Anders Andersson
On Sun, Dec 20, 2015 at 5:00 AM, David Christensen wrote: > > Another, additional, option is self-encrypting drives (SED), which are > operating system agnostic and protect the entire contents of drive with zero > CPU overhead. Emphasis on the word "additional" here. Unless you have access to the

Re: grub2 security problem

2015-12-19 Thread David Christensen
On 12/19/2015 08:59 AM, Joe Pfeiffer wrote: Michael Fothergill writes: I noticed some articles suggesting that there is a security problem in grub2. E.g. http://thehackernews.com/2015/12/hack-linux-grub-password.html ​Is there any substance to this? Yes, for the microscopic proportion of p

Re: grub2 security problem

2015-12-19 Thread Joe Pfeiffer
Michael Fothergill writes: > Dear Folks, > > I noticed some articles suggesting that there is a security problem in > grub2. > > E.g. > > http://thehackernews.com/2015/12/hack-linux-grub-password.html > > ​Is there any substance to this? Yes, for the microscopic proportion of people who put a pa

Re: grub2 security problem

2015-12-19 Thread Michael Fothergill
On 19 December 2015 at 11:50, Brad Rogers wrote: > On Sat, 19 Dec 2015 09:35:57 + > Michael Fothergill wrote: > > Hello Michael, > > >​Is there any substance to this? > ​ > Yes, but it's been rectified. See > > for the f

Re: grub2 security problem

2015-12-19 Thread Brad Rogers
On Sat, 19 Dec 2015 09:35:57 + Michael Fothergill wrote: Hello Michael, >​Is there any substance to this? ​ Yes, but it's been rectified. See for the full security announcement. Further, I suggest subscribing to the Deb

Re: grub2 security problem

2015-12-19 Thread Joe
On Sat, 19 Dec 2015 09:35:57 + Michael Fothergill wrote: > Dear Folks, > > I noticed some articles suggesting that there is a security problem in > grub2. > > E.g. > > http://thehackernews.com/2015/12/hack-linux-grub-password.html > > ​Is there any substance to this? > There was an upda

Re: grub2 security problem

2015-12-19 Thread Teemu Likonen
Michael Fothergill [2015-12-19 09:35:57Z] wrote: > I noticed some articles suggesting that there is a security problem in > grub2. > http://thehackernews.com/2015/12/hack-linux-grub-password.html > > ​Is there any substance to this? Didn't check myself but it seems so: https://www.debian.org/se