Linux

8394 readers

287 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago

MODERATORS

Ategon@programming.dev

anzo@programming.dev

dwraf_of_ignorance@programming.dev

New Linux Security Flaw Uses Initramfs to Inject Malware (www.omgubuntu.co.uk)

submitted 5 days ago by cm0002@programming.dev to c/linux@programming.dev

28 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] just_another_person@lemmy.world 53 points 5 days ago (16 children)

Attackers with physical access to a Linux system can access a debug shell simply by entering the wrong decryption password several times in a row.

Yeah, no duh. This isn't a critical security flaw unless you have the worst partition scheme on your encrypted volumes imaginable. It's not even a process flaw at that point, just "possible".

This is essentially what the Israeli government did to Android a decade ago with Pegasus: if you can get in front of the bootloader, you can compromise disks once encrypted because everything is happening in an in-memory boot process.

Same way you can hotwire cars. It's not new.

[–] BlameTheAntifa@lemmy.world 10 points 4 days ago (1 children)

What’s the expression? If someone has physical access to your machine it’s no longer your machine.

[–] caseyweederman@lemmy.ca 3 points 4 days ago

XKCD about hacking in reality, a $5 monkey wrench, some rope, and kneecaps

load more comments (14 replies)