Linux

8394 readers

286 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago

MODERATORS

Ategon@programming.dev

anzo@programming.dev

dwraf_of_ignorance@programming.dev

New Linux Security Flaw Uses Initramfs to Inject Malware (www.omgubuntu.co.uk)

submitted 5 days ago by cm0002@programming.dev to c/linux@programming.dev

28 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] just_another_person@lemmy.world 46 points 5 days ago (16 children)

Attackers with physical access to a Linux system can access a debug shell simply by entering the wrong decryption password several times in a row.

Yeah, no duh. This isn't a critical security flaw unless you have the worst partition scheme on your encrypted volumes imaginable. It's not even a process flaw at that point, just "possible".

This is essentially what the Israeli government did to Android a decade ago with Pegasus: if you can get in front of the bootloader, you can compromise disks once encrypted because everything is happening in an in-memory boot process.

Same way you can hotwire cars. It's not new.

[–] unexposedhazard@discuss.tchncs.de -1 points 5 days ago (8 children)

Physical access = electronic waste

Thats how it has always been and always will be. If a threat actor had free access to your device for even just a couple seconds, its compromised rare earth trash.

[–] just_another_person@lemmy.world 5 points 5 days ago (7 children)

Nope

[–] ulterno@programming.dev 5 points 5 days ago

Nope

Exactly.
Silicon is not a rare earth element.
Neither is Aluminium nor plastic nor Lithium (it's getting rarer alright, but doesn't fall into the category).

The amount of rare earth elements is really small in these devices.

load more comments (6 replies)

load more comments (13 replies)