Craig wrote: > Hello, > is/will there be a fix for CVE-2008-3896 in grub legacy? > > Best regards, > > Craig
Hi Craig, a) No-one is really working on grub legacy. b) The details? If it is previous "hack" to modify grub or bios in order attack vector to be usable, we do not really see this as a grub problem as grub and bios is not then in authentic state and that problem needs completely different protection. If it is about password visible in memory; in most OSes you require root privileges in order to read memory so at that point the game is already lost as attacker can do anything anyway. I have nothing against clearing memory having the password input. But I do not see anyone making any changes to grub legacy. For grub 2 the story is completely different of course. Thanks, Vesa Jääskeläinen _______________________________________________ Bug-grub mailing list [email protected] http://lists.gnu.org/mailman/listinfo/bug-grub
