Don’t believe the hype: That GRUB backspace bug wasn’t a big deal
You can hack any Linux system just by pressing the backspace key 28 times! That's what some sites would have you believe after an unfortunate GRUB bug was recently made public. But this won't actually allow you to easily own any Linux system.
You should still update GRUB
Obviously, this isn't ideal. This bug will only impact some of the most secured systems. If you use GRUB's password feature to lock down your bootloader, you'll want to install the security updates your Linux distribution provides. The big Linux distributions have patched this problem, so it's just a matter of installing those security patches, like you should be doing on a regular basis anyway. You don't even need to reboot. The next time your computer boots, it'll use the new version of GRUB without the bug and be secure.
Security updates for GRUB are available from your Linux distribution.
GRUB normally doesn't even use a password
That said, this bug won't allow you to hack any Linux system. The average Linux user doesn't need to worry about it. Here's why:
Most Linux systems don't have a GRUB password at all. By default, Linux distributions don't set up any GRUB password. Just rebooting the computer and entering a GRUB shell will give you full access to boot the kernel with whatever parameters you want. You could then gain administrator access and replace system files with malicious ones, just as these researchers did. The majority of Linux systems out there are vulnerable to this. A GRUB password isn't the same thing as a login password. In fact, there's no way to set a password for the Windows bootloader at all.
But that's okay, because this attack requires physical access to the computer. You can't access GRUB over a network connection. If an attacker has physical access to a computer and can boot it and use a keyboard and mouse, that computer is already in trouble. At a minimum, if it's a server, an attacker can cause a denial-of-service attack by physically shutting down the computer or unplugging its network cable. The attacker could also open up the computer, remove the disk drive, mess with the files on it, and then put that compromised disk drive back in the computer. The attacker could install a key-logging device between the keyboard and computer, for example. Or, the attacker could boot an operating system from a USB drive and use it to mess with the computer's files. The sky's the limit with physical access.
You can normally edit boot parameters in GRUB by pressing "e," no password required!
What's more, none of this really matters if you use disk encryption. If your files are encrypted and you have to enter a password to access them, an attacker wouldn't be able to use the GRUB bug to access your files and compromise them. An attacker also wouldn't be able to use the usual passwordless GRUB prompt to mess with your files.
So, in the very rare case where an attacker has physical access to a locked-down Linux system, including a keyboard and mouse, but not physical access to the computer's case, this bug could matter. There may be some systems like that out there, but not many. The vast majority of Linux users aren't using a GRUB password and don't need to. They were never affected by this bug at all.
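To see which group a given machine falls into, this added example (not part of the original article) reads a GRUB 2 configuration file and reports whether the password feature is in use. The function name, the result labels, the config path and the sample config are assumptions made for illustration; `superusers`, `password` and `password_pbkdf2` are GRUB 2's own directives.

```shell
#!/bin/sh
# Added example: classify GRUB 2 password protection from a config file.
# Real use (as root): grub_password_status /boot/grub/grub.cfg
# That path is an assumption; it varies by distribution.
#
# Result labels (chosen for this example):
#   none       - no superusers set: the GRUB shell and editor are open to anyone
#                at the keyboard, so the backspace bug adds nothing
#   pbkdf2     - password feature in use with a hashed password: install the update
#   plaintext  - password feature in use with a clear-text password: install the
#                update and switch to password_pbkdf2
#   incomplete - superusers set but no password command found in this file
#   unreadable - file missing or not readable by the current user

grub_password_status() {
    cfg=$1
    [ -r "$cfg" ] || { echo "unreadable"; return 2; }
    # Drop leading whitespace and comment lines so disabled directives are ignored.
    active=$(sed -e 's/^[[:space:]]*//' -e '/^#/d' "$cfg")
    has() { printf '%s\n' "$active" | grep -Eq "$1"; }

    if ! has '^(set[[:space:]]+)?superusers='; then
        echo "none"
    elif has '^password_pbkdf2[[:space:]]'; then
        echo "pbkdf2"
    elif has '^password[[:space:]]'; then
        echo "plaintext"
    else
        echo "incomplete"
    fi
}

# Constructed sample config, embedded so the example runs offline.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# password root oldsecret        (commented out, must not count)
set superusers="admin"
password_pbkdf2 admin grub.pbkdf2.sha512.10000.CONSTRUCTED-PLACEHOLDER
menuentry 'Linux' --unrestricted {
    linux /vmlinuz root=/dev/sda1
}
EOF
echo "sample config: $(grub_password_status "$sample")"
rm -f "$sample"
```
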
Linux security isn't perfect. ShellShock was particularly horrific, for example. But this GRUB bug isn't anywhere near as bad. Like that XOR malware, it doesn't affect most Linux users.
Source: https://www.pcworld.com/article/418914/dont-believe-the-hype-that-grub-backspace-bug-wasnt-a-big-deal.html
Posted by: taylorteforning1957.blogspot.com
