grub-devel

Re: [SECURITY PATCH 000/117] Multiple GRUB2 vulnerabilities - 2021/03/02


From: Bruce Dubbs
Subject: Re: [SECURITY PATCH 000/117] Multiple GRUB2 vulnerabilities - 2021/03/02 round
Date: Tue, 2 Mar 2021 14:00:56 -0600
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.5.0

On 3/2/21 1:37 PM, John Paul Adrian Glaubitz wrote:
> Hi Daniel!
>
> On 3/2/21 7:00 PM, Daniel Kiper wrote:
>> The BootHole vulnerability [1][2] announced last year encouraged many people to
>> take a closer look at the security of boot process in general and the GRUB
>> bootloader in particular. Due to that, during past few months we were getting
>> reports of, and also discovering various security flaws in the GRUB ourselves.
>> You can find the list of most severe ones which got CVEs assigned at the end of
>> this message. The patch bundle fixing all these issues in the upstream GRUB
>> contains 117 patches.
>
> Huge thanks and kudos to everyone involved fixing all these vulnerabilities!
>
> Given the amount of patches, wouldn't it make sense to push an RC candidate
> for 2.06 in the near future so that distributions can start shipping the pre-
> release and avoiding to carry this large amount of patches?

It makes sense to not rely on distros to do the job of GRUB. It's time to get on a release schedule and stick to it. Very complex packages like gcc, glibc, and binutils are on a six month schedule. Why not GRUB?

From https://ftp.gnu.org/gnu/grub/:
grub-1.99.tar.gz        2011-05-14
grub-2.00.tar.gz        2012-06-27
grub-2.02.tar.gz        2017-04-26
grub-2.04.tar.gz        2019-07-05
grub-2.06.tar.gz        202?-??-??

If you are waiting for perfection, you will never get there.

  -- Bruce


