help-grub

Re: Critical Boot Loader Vulnerability in Shim Impacts Nearly All Linux


From: Turritopsis Dohrnii Teo En Ming
Subject: Re: Critical Boot Loader Vulnerability in Shim Impacts Nearly All Linux Distros
Date: Sat, 02 Mar 2024 06:34:56 +0000

On Friday, February 9th, 2024 at 5:36 PM, Frantisek Rysanek 
<Frantisek.Rysanek@post.cz> wrote:

> > Article: Critical Boot Loader Vulnerability in Shim Impacts Nearly All 
> > Linux Distros
> > Link: 
> > https://thehackernews.com/2024/02/critical-bootloader-vulnerability-in.html
> > 
> > May I know if Shim is an important component of GNU Grub?
> 
> This is what the Shim does:
> https://github.com/rhboot/shim#shim-a-first-stage-uefi-bootloader
> 
> Disclaimer: I am no expert on Grub or Shim or security.
> So my superficial reading of the message is:
> 
> If you happen to netboot (PXEboot) using HTTP to transport your
> kernel+initrd,
> AND you have SecureBoot enabled, meaning that you rely on it for
> security,
> AND you're therefore using the Shim, to sign on the fly your kernel
> or whatever binaries you need to chainload off the LAN,
> ... THEN you are susceptible to the CVE, where the attacker (pulling
> off a MITM) can meticulously craft a binary payload, knowing the
> inner workings of the Shim, to execute his own arbitrary code, as
> part of the Shim.
> 
> Color me illiterate... isn't the assumed background scenario
> 1) rare
> 2) offering other, much simpler ways of attack, once you're in the
> MITM position, such as providing your own kernel and initrd,
> effectively booting your own OS in the first place?
> 
> If you have someone capable of a MITM inside your LAN, don't you have
> a much more serious problem in the first place?
> 
> I am no expert on this scenario, and I feel judgemental in my
> possibly unfounded opinion. Corrections are welcome.
> 
> If I understand this correctly:
> 
> - Linux distros booting from local disk, in legacy or UEFI mode,
> UEFI with or without SecureBoot, are not affected
> 
> - machines PXE-booting without SecureBoot (in legacy or UEFI mode)
> are not affected
> 
> Except that booting without SecureBoot especially over the network
> maybe offers other, more serious vectors of attack.
> 
> Overall, somehow I don't see anybody panic.
> 
> Side note: I am not exactly sure, if this is specific to Grub. Grub
> indeed seems capable of PXE-booting with UEFI support, and uses the
> Shim in disk-based UEFI boot first and foremost. Not sure if iPXE is
> also affected. I don't know if the Shim including the CVE is present
> in iPXE, or can be combined with iPXE explicitly.
> 
> Frank

Sounds too complicated for me to understand. I gave up.

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Targeted Individual in Singapore
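As an added example, not code from the thread or from the shim or GRUB projects: the shell script below answers the question the thread starts from, whether shim sits in this host's boot chain and whether Secure Boot is enforced, which are the two preconditions Frank lists before the CVE applies. It reads the SecureBoot variable from efivarfs (4 attribute bytes followed by one data byte) and the BootCurrent entry from the text printed by efibootmgr -v. The efivarfs path, the efibootmgr output shape and the sample data at the bottom are assumptions and constructed input, not captures from a real machine.

```shell
#!/bin/sh
# Added example, not code from the thread or from the shim/GRUB projects.
# Question answered: is this host booting through shim with Secure Boot on?
# Inputs:
#   1. the efivarfs file for the SecureBoot variable, normally
#      /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c
#   2. the text printed by `efibootmgr -v`
# Both are passed in (path and string) so saved copies work too; the samples
# at the bottom are constructed for the demo run.

# efivarfs layout: 4 bytes of attributes, then the variable data.
# SecureBoot carries one data byte: 1 = enforced, 0 = off.
efivar_secureboot_state() {
    f="$1"
    [ -r "$f" ] || { echo "unknown"; return 0; }
    # skip the 4 attribute bytes and print the first data byte in decimal
    v=$(od -An -tu1 -j4 -N1 "$f" | tr -d ' \n')
    case "$v" in
        1) echo "enabled" ;;
        0) echo "disabled" ;;
        *) echo "unknown" ;;
    esac
}

# Find the entry named by BootCurrent in `efibootmgr -v` output and classify
# the loader it points at: shim, grub (loaded directly, no shim) or other.
boot_chain_loader() {
    out="$1"
    cur=$(printf '%s\n' "$out" | sed -n 's/^BootCurrent: *//p' | head -n 1)
    [ -n "$cur" ] || { echo "unknown"; return 0; }
    entry=$(printf '%s\n' "$out" | grep "^Boot${cur}[* ]" | head -n 1 | tr 'A-Z' 'a-z')
    case "$entry" in
        "")           echo "unknown" ;;
        *shim*.efi*)  echo "shim" ;;
        *grub*.efi*)  echo "grub" ;;
        *)            echo "other" ;;
    esac
}

# One-line verdict in the terms the thread uses: Secure Boot on AND shim in the chain.
shim_secureboot_summary() {
    sb=$(efivar_secureboot_state "$1")
    ld=$(boot_chain_loader "$2")
    if [ "$sb" = "enabled" ] && [ "$ld" = "shim" ]; then
        echo "secureboot=enabled loader=shim: shim is in the verified boot path"
    else
        echo "secureboot=$sb loader=$ld: shim is not in a Secure Boot path here"
    fi
}

# ---- constructed sample data (not captured from a real machine) ----
SAMPLE_EFIBOOTMGR='BootCurrent: 0001
Timeout: 1 seconds
BootOrder: 0001,0000
Boot0000* UEFI OS HD(1,GPT,11111111-2222-3333-4444-555555555555,0x800,0x100000)/File(\EFI\BOOT\BOOTX64.EFI)
Boot0001* ubuntu HD(1,GPT,11111111-2222-3333-4444-555555555555,0x800,0x100000)/File(\EFI\ubuntu\shimx64.efi)'

SAMPLE_SB_FILE=$(mktemp)
# attributes 0x00000007 (little-endian) followed by the data byte 0x01
printf '\007\000\000\000\001' > "$SAMPLE_SB_FILE"

if [ "$#" -eq 2 ]; then
    shim_secureboot_summary "$1" "$2"      # live or saved inputs
else
    shim_secureboot_summary "$SAMPLE_SB_FILE" "$SAMPLE_EFIBOOTMGR"
fi
rm -f "$SAMPLE_SB_FILE"
```

Run it with no arguments to exercise the constructed sample, or on a live UEFI host pass the efivarfs path and "$(efibootmgr -v)" as the two arguments. On a machine booted in legacy BIOS mode efivarfs is absent and efibootmgr has nothing to report, so the script answers "unknown" for both; that matches Frank's point that the scenario only arises under UEFI Secure Boot. The script only reports where shim sits in the chain; it does not test for the CVE the article describes.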


