Recently discovered bug makes bypassing the GRUB2 bootloader password on Linux trivial.

Dec 16, 2015 16:01

Today I learned that for the last six years it's been possible to root just about any Linux box to which you have physical access by pressing the backspace key 28 times at the bootloader password prompt (assuming the box was even protected with one, which a lot of people don't do). Fortunately (hopefully), nobody else knew about this either until it was discovered and published by a team of security researchers earlier this month.

When I used to teach system admin stuff I always said that once someone has physical access to the box you're probably screwed anyway, but anything that makes it easier is still a pretty big deal. If you're at all familiar with code stuff, or just curious about how the guts of this sort of thing work, it's also a pretty fascinating read, and illustrative of just how damn careful one has to be when working in a language like C.

Question for people more savvy than me: is it the case that this particular issue wouldn't happen in a more modern language, and if so is it because it wouldn't be possible, or just that you'd have to go out of your way to circumvent convention and do weird stuff with memory in a way that exposes you to the risk?

http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html
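To make the C point concrete, here is an added illustration (my own code, not the post's and not GRUB's) of the bug the linked writeup describes. It is modelled on the affected input loop, grub_username_get() in grub-core/normal/auth.c, where Backspace decrements an unsigned length counter and the code afterwards zeroes "the rest of the buffer" from that counter to the end. The `if (cur_len)` guard in the hardened branch is what the upstream fix added. The 1024-byte buffer size, the struct returned for inspection, and the constructed key streams (the real code reads keys from the keyboard) are assumptions of this illustration; the specific memory that 28 presses end up clobbering, which is what turns the bug into a bypass, is in the writeup and is deliberately not reproduced here, so the model only reports that the write would leave the buffer and refuses to perform it.

```c
#include <stdio.h>
#include <string.h>

/* Assumption for this illustration: the login name goes into a 1024-byte
   buffer. The arithmetic below only needs the size to be far below UINT_MAX. */
#define BUF_SIZE 1024u

/* Constructed key streams standing in for grub_getkey(): one byte per key,
   '\b' = Backspace, '\n' = Enter, 0x1b = Escape. */
#define BS4 "\b\b\b\b"
static const char KEYS_28_BACKSPACES[] = BS4 BS4 BS4 BS4 BS4 BS4 BS4 "\n"; /* 7 x 4 = 28 */
static const char KEYS_NORMAL[] = "root\b\n";                              /* ends up as "roo" */

struct read_result {
    unsigned cur_len;   /* length the input loop finishes with */
    unsigned clear_len; /* bytes the trailing "zero the rest" memset would cover */
    int in_bounds;      /* 1 if that memset stays inside buf[0 .. BUF_SIZE) */
};

static int next_key(const char **keys)
{
    if (**keys == '\0')
        return '\n';                      /* end of stream counts as Enter */
    return (unsigned char)*(*keys)++;
}

/* Line reader modelled on grub_username_get(). Without the `if (cur_len)`
   guard, pressing Backspace on an empty line wraps cur_len from 0 to UINT_MAX
   (unsigned is 32 bits on both i386 and x86_64). The trailing memset is then
   asked to write BUF_SIZE - cur_len bytes starting at buf + cur_len, and both
   operands point far outside the buffer. */
static struct read_result read_line(const char *keys, int hardened)
{
    char buf[BUF_SIZE];
    struct read_result r = { 0, 0, 0 };
    unsigned cur_len = 0;

    for (;;) {
        int key = next_key(&keys);
        if (key == '\n' || key == '\r')
            break;
        if (key == 0x1b) {                /* Escape: abandon the line */
            cur_len = 0;
            break;
        }
        if (key == '\b') {
            if (hardened) {
                if (cur_len)              /* the upstream fix: never go below zero */
                    cur_len--;
            } else {
                cur_len--;                /* CVE-2015-8370: underflows on an empty line */
            }
            continue;
        }
        if (cur_len + 2 < BUF_SIZE)       /* leave room for the terminator */
            buf[cur_len++] = (char)key;
    }

    r.cur_len = cur_len;
    r.clear_len = BUF_SIZE - cur_len;     /* wraps as well once cur_len has wrapped */
    r.in_bounds = (cur_len <= BUF_SIZE);
    if (r.in_bounds)                      /* the real code does this unconditionally */
        memset(buf + cur_len, 0, BUF_SIZE - cur_len);
    return r;
}

struct read_result read_line_vulnerable(const char *keys) { return read_line(keys, 0); }
struct read_result read_line_fixed(const char *keys)      { return read_line(keys, 1); }

static void report(const char *label, struct read_result r)
{
    printf("%-10s cur_len=0x%08x  memset would cover %u bytes from buf+0x%08x  %s\n",
           label, r.cur_len, r.clear_len, r.cur_len,
           r.in_bounds ? "(in bounds)" : "(OUT OF BOUNDS)");
}

int main(void)
{
    report("vulnerable", read_line_vulnerable(KEYS_28_BACKSPACES));
    report("fixed", read_line_fixed(KEYS_28_BACKSPACES));
    report("vulnerable", read_line_vulnerable(KEYS_NORMAL));
    return 0;
}
```

After 28 presses the vulnerable loop finishes with cur_len = 0xFFFFFFE4 and would ask memset to zero 1052 bytes starting 4 GiB (or, on a 32-bit build, 28 bytes before) the buffer; the fixed loop finishes with cur_len = 0 and zeroes exactly the 1024 bytes it owns. On the question of other languages: the same decrement in Rust panics in a debug build and wraps in a release build unless written as an explicit wrapping operation, and indexing a slice with the wrapped value is bounds-checked and panics, so the equivalent out-of-range write does not silently happen; C leaves both the wrap and the write unchecked, which is the carefulness the post is talking about.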