grub-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RFC] Boot parameters and geometrical stability


From: phcoder
Subject: Re: [RFC] Boot parameters and geometrical stability
Date: Wed, 03 Sep 2008 19:17:33 +0200
User-agent: Thunderbird 2.0.0.16 (X11/20080724)

Vesa Jääskeläinen wrote:
> phcoder wrote:
>> I was thinking about the scenario when ide drives are trusted but not
>> USB or removable devices. Cryptographic checksums wouldn't bring much
>> because if attacker can modify harddrive he can also modify GRUB to skip
>>  checksum check.
> 
> Then you password protect it :) Once that is supported.
> 
> But really, if attacker has access to your HDD then there is not a
> really reason why we should do defense against that one as they can
> overwrite us at will.
But consider a scenario when attacker can't overwrite the existing
harddrive but can plug new one. Then the attacker can prepare a
harddrive having a partition with the same UUID as our boot partition.
Then he plugs it and depnding on factors like order of interfaces,
devices, phase of the moon, ... GRUB can load attacker's modules. While
it's ok to use UUID on personal desktop system when attacker can't plug
his devices it shouldn't be the default.
Vladimir 'phcoder' Serbinenko




reply via email to

[Prev in Thread] Current Thread [Next in Thread]