Re: [RFC] Boot parameters and geometrical stability

All of lore.kernel.org
 help / color / mirror / Atom feed

From: phcoder <phcoder@gmail.com>
To: The development of GRUB 2 <grub-devel@gnu.org>
Subject: Re: [RFC] Boot parameters and geometrical stability
Date: Wed, 03 Sep 2008 19:17:33 +0200	[thread overview]
Message-ID: <48BEC6AD.5040305@gmail.com> (raw)
In-Reply-To: <48BEC078.7030006@nic.fi>

Vesa Jääskeläinen wrote:
> phcoder wrote:
>> I was thinking about the scenario when ide drives are trusted but not
>> USB or removable devices. Cryptographic checksums wouldn't bring much
>> because if attacker can modify harddrive he can also modify GRUB to skip
>>  checksum check.
> 
> Then you password protect it :) Once that is supported.
> 
> But really, if attacker has access to your HDD then there is not a
> really reason why we should do defense against that one as they can
> overwrite us at will.
But consider a scenario when attacker can't overwrite the existing
harddrive but can plug new one. Then the attacker can prepare a
harddrive having a partition with the same UUID as our boot partition.
Then he plugs it and depnding on factors like order of interfaces,
devices, phase of the moon, ... GRUB can load attacker's modules. While
it's ok to use UUID on personal desktop system when attacker can't plug
his devices it shouldn't be the default.
Vladimir 'phcoder' Serbinenko

next prev parent reply	other threads:[~2008-09-03 17:17 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-09-03  9:50 [RFC] Boot parameters and geometrical stability phcoder
2008-09-03 10:36 ` Robert Millan
2008-09-03 12:31   ` phcoder
2008-09-03 16:51     ` Vesa Jääskeläinen
2008-09-03 17:17       ` phcoder [this message]
2008-09-03 17:49         ` Vesa Jääskeläinen
2008-09-03 18:36           ` phcoder
2008-09-03 19:07             ` Vesa Jääskeläinen
2008-09-03 19:23               ` phcoder
2008-09-04 19:37           ` Robert Millan
2008-09-04 21:40             ` phcoder
2008-09-05  9:58               ` Robert Millan
2008-09-04 19:33     ` Robert Millan
2008-09-04 21:37       ` phcoder
2008-09-05 10:05         ` Robert Millan

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=48BEC6AD.5040305@gmail.com \
    --to=phcoder@gmail.com \
    --cc=grub-devel@gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.