grub-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Re[2]: 'password' command in GRUB 2?

From: Felix Zielcke
Subject: Re: Re[2]: 'password' command in GRUB 2?
Date: Tue, 25 Aug 2009 16:35:36 +0200 
Am Dienstag, den 25.08.2009, 01:58 +0200 schrieb Vladimir 'phcoder'
Serbinenko:
> On Tue, Aug 25, 2009 at 12:36 AM, Robert Millan<address@hidden>
> wrote:
> >
> > I had a look at grub_cmdline_get(), and it would need some
> restructuring in
> > order not to enforce static allocation.  I admit it doesn't make
> sense to
> > put this patch on hold because of it.
> >
> > Vladimir, please go ahead with your latest patch.  I will try to
> change
> > grub_cmdline_get() semantics later if I get some time.
> >
> Comitted. Beware that it needs more review and testing before
> considering it somewhat secure (well we don't really need to be more
> secure than firmware password unless we're firmware).
> Additionally using plaintext support (currently the only supported) is
> a bad practise. I'll look if I have time to implement a form of
> cryptographic password (e.g. scrypt) before 1.97 freeze. 

Does it has the same problem as CVE-2008-3896 published for grub-legacy?

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3896

-- 
Felix Zielcke
Proud Debian Maintainer
reply via email to
[Prev in Thread] Current Thread [Next in Thread]