*countable infinities only

Peter Jones pjones at redhat.com
Sun Jun 3 14:11:37 UTC 2012


On 06/02/2012 05:47 PM, Gregory Maxwell wrote:
> There is no additional security provided by the feature as so far
> described—only security theater.   So I can't modify the kernel or
> bootloader, great—but the kernel wouldn't have let me do that in the
> first place unless it had an exploit. So I just put my rootkit inside
> systemd so that it executes the kernel exploit right after reboot, and
> the exploited kernel now silently keeps updates from being applied.

You've sort of missed the point. A privilege escalation exploit, currently,
can sabotage your bootloader, insert its own ahead of it, and modify the
kernel to perpetually hide itself. Right now such exploits are generally
bounded by selinux, which would, in most cases, stop them from performing
the systemd trick that you describe. At that point it has escalated past
the point where it's confined by selinux or anything else, and can do your
trick and far worse.

And again, there *are* "bootkit" exploits in the wild now. So any argument
that there's no legitimate security benefit to securing the bootloader is
prima facie false.

-- 
         Peter

