|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [IVIZ-08-009] Grub Legacy Security Model bypass exploiting wrong BIOS API usage
phcoder
gmail.com
Date: Tue Aug 25 2009 - 10:27:34 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This problem is not a threat because root user is able to boot any kernel without going through boot sequence (kexec) and is able to recover disk encryption key by inspecting dmcrypt module in memory. If an OS allows user to read raw memory without being root it's a security hole in OS and not in GRUB
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]