[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] Remove HFS support
From: |
Daniel Axtens |
Subject: |
Re: [PATCH] Remove HFS support |
Date: |
Sun, 21 Aug 2022 00:13:18 +1000 |
>> As Daniel Axtens has been finding out, the HFS code is terrible in
>> terms of security. If you still need it for old/semi-dead machines,
>> maybe you should fork an older grub release and stay with that?
>
> I don't know what should be the deal with the security of a boot loader
> to be honest. If someone has access to your hardware so they can control
> your bootloader, you have much worse problems anyway.
>
> Forking is also a terrible idea as every forked package means having to
> track it manually.
Not to engage in the Debian specific parts of this, but fwiw the threat
model isn't hardware access. Firmware-enforced secure boot (e.g. UEFI,
AIX and Linux on PowerVM, whatever modern macs do) basically goes:
- assume an attacker gets root on a running system
- prevent the attacker from compromising the kernel
On Linux this takes 2 parts: some form of signing grub that gets
validated by firmware, and lockdown mode once Linux is booted.
Now I haven't really used a PowerMac since I was a kid, but if memory
serves, they had no concept of this. If you got access to Mac OS (or if
you got root on linux), there is no way to protect the kernel. There is,
in effect, no security boundary between root and the kernel.
Kind regards,
Daniel
>
> Adrian
>
> --
> .''`. John Paul Adrian Glaubitz
> : :' : Debian Developer
> `. `' Physicist
> `- GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913
- Re: [PATCH] Remove HFS support, (continued)
- Re: [PATCH] Remove HFS support, John Paul Adrian Glaubitz, 2022/08/19
- Re: [PATCH] Remove HFS support, Steve McIntyre, 2022/08/19
- Re: [PATCH] Remove HFS support, John Paul Adrian Glaubitz, 2022/08/19
- Re: [PATCH] Remove HFS support, Dimitri John Ledkov, 2022/08/19
- Re: [PATCH] Remove HFS support, Vladimir 'phcoder' Serbinenko, 2022/08/19
- Re: [PATCH] Remove HFS support, Daniel Axtens, 2022/08/20
- Re: [PATCH] Remove HFS support, John Paul Adrian Glaubitz, 2022/08/24
- Re: [PATCH] Remove HFS support, John Paul Adrian Glaubitz, 2022/08/24
- Re: [PATCH] Remove HFS support,
Daniel Axtens <=
- Re: [PATCH] Remove HFS support, Vladimir 'phcoder' Serbinenko, 2022/08/19
- Re: [PATCH] Remove HFS support, John Paul Adrian Glaubitz, 2022/08/26
- Re: [PATCH] Remove HFS support, Vladimir 'phcoder' Serbinenko, 2022/08/26
- Re: [PATCH] Remove HFS support, Daniel Axtens, 2022/08/20
- Re: [PATCH] Remove HFS support, John Paul Adrian Glaubitz, 2022/08/24
- Re: [PATCH] Remove HFS support, Daniel Axtens, 2022/08/26
- Re: [PATCH] Remove HFS support, Vladimir 'phcoder' Serbinenko, 2022/08/26
- Re: [PATCH] Remove HFS support, Robbie Harwood, 2022/08/30
- Re: [PATCH] Remove HFS support, John Paul Adrian Glaubitz, 2022/08/26
- Re: [PATCH] Remove HFS support, Robbie Harwood, 2022/08/30