oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE-2016-4484: - Cryptsetup Initrd root Shell

From: John Haxby <john.haxby () oracle com>
Date: Wed, 16 Nov 2016 16:11:57 +0000
On 16/11/16 15:55, Jason Cooper wrote:

How does this differ from an attacker setting 'init=/bin/sh' on the
kernel command line?  Or, booting from attacker provided media?  Or, in
OS X, booting in single user mode?

Your Discussion section at the end mentions facilities (GRUB passwords,
BIOS passwords, etc) for preventing this "Developer friendliness".  How
do you envision the installer enabling these while providing a failsafe
that an attacker can't exploit?


If you set a grub password then the attacker cannot set init=/bin/sh on
the kernel command line without knowing the grub password.   However,
when the boot process prompts you for the encrypted volume password you
can just hit enter until you eventually get a shell prompt.  Of course,
the attacker needs to be able to see the console where the password is
typed in ...

jch
Previous By Date Next
Previous By Thread Next

Current thread: