The LUKS issue was all about getting a root shell as opposed to being
able to defeat LUKS or get the keys or decrypt the data. I know this was
a bit misreported in the press.

A bigger issue is if /boot is not encrypted. And with modern GRUB there
is no need for it not to be. Someone could then use this shell to put a
keylogger in /boot process then they could use this vulnerability to do
some damage. But the same is true from booting from removable custom
media to access the encrypted partitions.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ad049ceb-dacf-93d5-cc0c-daffb69e2a3c%40gmsl.co.uk.
For more options, visit https://groups.google.com/d/optout.

Reply via email to