Re: grub security fix for CVE-2008-3896
From: Vesa Jääskeläinen
Subject: Re: grub security fix for CVE-2008-3896
Date: Mon, 06 Oct 2008 21:52:33 +0300
User-agent: Thunderbird 2.0.0.17 (Windows/20080914)

Craig wrote:
> Hello,
> is/will there be a fix for CVE-2008-3896 in grub legacy?
>
> Best regards,
>
> Craig

Hi Craig,

a) No one is really working on grub legacy.

b) The details? If it is the previous "hack" to modify grub or the BIOS in
order for the attack vector to be usable, we do not really see this as a grub
problem, as grub and the BIOS are then not in an authentic state and that
problem needs completely different protection.

If it is about the password being visible in memory: in most OSes you require
root privileges in order to read memory, so at that point the game is already
lost, as the attacker can do anything anyway.

I have nothing against clearing the memory holding the password input. But I
do not see anyone making any changes to grub legacy. For grub 2 the
story is completely different, of course.

Thanks,
Vesa Jääskeläinen