I love how every time I read a “Critical” vulnerability in Linux it’s essentially “The user must leave their computer completely unlocked in an accessible area for a long period of time. Also he needs this very specific combination of programs running in these specific versions. Ah, and the planets have to be aligned for it to work. If all of these happen, an attacker might glimpse at your desktop wallpaper, so definitely critical”.
not trying to sound like an internet badass but if I find someone in my home fucking with my config files I will kill them with a hammer
I would at the very least break their fingers if they touch my keyboard.
No hammer needed…
This made me think of a custom keyboard with a mousetrap arm at the top to break the fingers of would-be typers.
Mousetrap keyboard + Suicide Linux
But I bet it’s more fun with a hammer.
But you could damage the keyboard
Not my Model M.
The Model M IS the weapon
That’s collateral damage I’m willing to risk 🤣
deleted by creator
My first reaction would be to acknowledge them as a fellow geek, but that’s because most of the people who live near me would hurt themselves trying to open Notepad. Anyone who knows enough to start hacking my config files would be a welcome guest in my house.
Then I’d kill them with a hammer. :-)
This is a vulnerability in shim, which is a UEFI “bootloader” used by distros mainly to allow booting with the “stock” (Microsoft) secure boot keys.
If you don’t use secure boot or don’t use shim (likely if you use your own keys), this doesn’t affect you at all.
In any case this “critical vulnerability” mainly affects machines relying on shim which also boot over unencrypted HTTP.
Would this affect systems booting to the refind bootloader without secure boot? Sorry for the ignorance just trying to figure out if I should be changing my system for this news.
No
No.
This is a vulnerability which allows bypassing secure boot protections. You have already manually bypassed those protections by disabling secure boot.
clickbait title. basically, if your machine is already compromised in a severe way, here is another way how to compromise it further (for whatever reason)
And the issue that does exist doesn’t even require Linux to be installed, technically. Unless you’re an IT pro administering large numbers of systems that boot from a network disk image, there is nothing for you to worry about here.
It’s also a new way to compromise a machine you have physical access to
I wonder if Matt calculated CVSS score before calling this vulnerability “critical”.
It’s the last sentence of the article - 9.8/10. In this case it’s probably called critical because of the potential consequences of the exploit being a full machine takeover, not the likeliness of the exploit being used.
It means that CVSS is calculated wrong. It can’t be so big because default configuration is not affected and attacker requires admin access to change it.
I mean take a look at the report. Still not sure how it’s “wrong”.
Admin or physical access.
2 scenarios where it can be exploited:
Acquiring the ability to compromise a server or perform an adversary-in-the-middle impersonation of it to target a device that’s already configured to boot using HTTP
Already having physical access to a device or gaining administrative control by exploiting a separate vulnerability.
