Hi I would like to have some advice about the u-boot triaging. The problem is that someone can load an alternative configuration file and by that boot arbitrary code. I assume this means that the attacker must have physical access to the device.
As I see it, this can be used to root devices that should not be possible to root. My question is whether you think this is worth fixing in Debian. I lean towards that we should consider this as a minor issue for Jessie but here I would like your opinion. Thank you in advance // Ola -- --- Inguza Technology AB --- MSc in Information Technology ---- | [email protected] [email protected] | | http://inguza.com/ Mobile: +46 (0)70-332 1551 | ---------------------------------------------------------------
