On 06/02/2012 05:47 PM, Gregory Maxwell wrote:
> There is no additional security provided by the feature as so far described—only security theater. So I can't modify the kernel or bootloader, great—but the kernel wouldn't have let me do that in the first place unless it had an exploit. So I just put my rootkit inside systemd so that it executes the kernel exploit right after reboot, and the exploited kernel now silently keeps updates from being applied.

You've sort of missed the point. A privilege escalation exploit, currently, can sabotage your bootloader, insert its own ahead of it, and modify the kernel to perpetually hide itself. Right now such exploits are generally bounded by SELinux, which would, in most cases, stop them from performing the systemd trick that you describe. At that point it has escalated past the point where it's confined by SELinux or anything else, and can do your trick and far worse.

And again, there *are* "bootkit" exploits in the wild now. So any argument that there's no legitimate security benefit to securing the bootloader is prima facie false.

-- 
Peter

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel