Re: Re[2]: 'password' command in GRUB 2?


From: Vladimir 'phcoder' Serbinenko
Subject: Re: Re[2]: 'password' command in GRUB 2?
Date: Tue, 25 Aug 2009 16:50:15 +0200

> Does it have the same problem as CVE-2008-3896 published for grub-legacy?
It's a completely different concern. Actually BIOS keyboard buffer
shouldn't be a problem since only root can read raw memory and if user
is a root he can just kexec any kernel he wants.
I could add keyboard buffer wiping to my sendkey work but it only
offsets the problem since same info is stored in RAM by grub anyway.
The only solution I see for second problem is to make grub_free shred
the memory and ensuring all sensitive fields are dynamically allocated
and freed before boot (last part makes code cleaner too). Actually I
have done some experiments with replacing grub_sprintf with
grub_asprintf which revealed many spots of suboptimal code too.
After all I think this is worth doing (wiping keyboard buffer and
making grub_free wipe the memory). But it doesn't destroy the info
which was in memory before grub booted. Doing so may take significant
booting time (to be tested) but may be desirable in some cases.
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3896
>
> --
> Felix Zielcke
> Proud Debian Maintainer



-- 
Regards
Vladimir 'phcoder' Serbinenko

Personal git repository: http://repo.or.cz/w/grub2/phcoder.git
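
The idea of a free routine that shreds memory, proposed in the message above, sketched as an added example that is not part of the original message and is not GRUB code. The arena, `demo_malloc`, `demo_free` and `arena_contains` are hypothetical names; the allocator is a simple bump allocator chosen so that the freed bytes can be inspected afterwards.

```c
#include <stddef.h>
#include <string.h>

#define ARENA_SIZE 4096
#define HDR 16   /* header slot; keeps payloads 16-byte aligned */

/* Static arena standing in for the boot loader heap (hypothetical). */
static _Alignas(16) unsigned char arena[ARENA_SIZE];
static size_t arena_used;

/* Zero through a volatile pointer so the stores are not removed as dead writes. */
static void wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Bump allocator; the header records the payload size for the free path. */
void *demo_malloc(size_t size)
{
    if (size > ARENA_SIZE) return NULL;
    size_t need = HDR + ((size + HDR - 1) & ~(size_t)(HDR - 1));
    if (need > ARENA_SIZE - arena_used) return NULL;
    memcpy(arena + arena_used, &size, sizeof size);
    void *payload = arena + arena_used + HDR;
    arena_used += need;
    return payload;
}

/* Free that shreds the whole payload before the block is given up. */
void demo_free(void *ptr)
{
    size_t size;
    if (!ptr) return;
    memcpy(&size, (unsigned char *)ptr - HDR, sizeof size);
    wipe(ptr, size);   /* a real allocator would now relink the block */
}

/* Return 1 if the byte string still appears anywhere in the arena. */
int arena_contains(const void *needle, size_t n)
{
    for (size_t i = 0; n && i + n <= ARENA_SIZE; i++)
        if (memcmp(arena + i, needle, n) == 0) return 1;
    return 0;
}

int main(void)
{
    const char pw[] = "constructed-pass";   /* constructed sample secret */
    char *p = demo_malloc(sizeof pw);
    if (!p) return 2;
    memcpy(p, pw, sizeof pw);
    demo_free(p);
    return arena_contains(pw, sizeof pw);   /* exit status 0: nothing left behind */
}
```

The wipe only covers buffers that actually pass through the free routine, which is why the message pairs it with making every sensitive field dynamically allocated and freed before boot.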
