Results 1 to 4 of 4

Thread: A New Release Of GRUB 2.0 Fixes Security Issue

  1. 11-09-2009, 05:30 PM #1
    phoronix
    phoronix is offline Phoronix News Bot
    Join Date
    Jan 2007
    Posts
    10,215

    Default A New Release Of GRUB 2.0 Fixes Security Issue

    Phoronix: A New Release Of GRUB 2.0 Fixes Security Issue

    It was just about two weeks ago that GRUB 2.0 moved closer to release with version 1.97 finally making it out the door after being just shy of two years without a new release. GRUB 1.97 brought Mac OS X kernel support, EXT4 file-system support, support for RAID 4/6/10, high-resolution timer support, support for loading FreeBSD/NetBSD/OpenBSD kernels, and many other changes...

    http://www.phoronix.com/vr.php?view=NzY4NQ
    Reply With Quote Reply With Quote
  2. 11-09-2009, 06:46 PM #2
    faemir
    faemir is offline Junior Member
    Join Date
    May 2008
    Posts
    23

    Default

    GNU/Hurd support, just what I need!

    But no, good thing it got patched swiftly for that fun exploit
    Reply With Quote Reply With Quote
  3. 11-10-2009, 07:02 PM #3
    admax88
    admax88 is offline Junior Member
    Join Date
    Jun 2009
    Posts
    27

    Default

    Correction for the article

    Quote Originally Posted by phoronix View Post
    log-in just entering "p" or "nix" or any other part of the string -- even just one character
    The bug report says differently.

    Quote Originally Posted by http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555195
    GRUB accepts user input as valid password as long as user enters some first
    characters of password correctly.
    Not any part of the string will do, only those which are a valid prefix of the string are valid input.

    Ex, if the password is phoronix,
    valid input is
    phoronix
    phoroni
    phoron
    ...
    p

    but not "nix" or "ron" or any other part.
    Reply With Quote Reply With Quote
  4. 11-11-2009, 10:54 PM #4
    llama
    llama is offline Phoronix Member
    Join Date
    Dec 2008
    Location
    Halifax, NS, Canada
    Posts
    63

    Default Worst strcmp implementation ever

    I read this story, and though, ok, who thought it was a good idea to write their own strcmp. And how do you make that kind of mistake? Well, it turns out you make that kind of mistake by starting with a really convoluted loop in the first place:

    Here's the first commit that tried to fix the bug, where you can see the old
    version.
    http://bzr.savannah.gnu.org/lh/grub/...art_revid=1822

    corrected to, since it was using ptr2 uninitialized.
    http://bzr.savannah.gnu.org/lh/grub/.../revision/1807

    The loop looks like its trying to do something if the user types more characters than the stored password. I still don't see how anyone came up with that mess, and haven't made the effort to figure out exactly how it behaves for every input. I'm a fan of the trinary operator, but that loop just made my eyes glaze over.

    Fortunately Robert Millan rewrote Vladimir Serbinenko's grub_auth_strcmp function the sane way
    http://bzr.savannah.gnu.org/lh/grub/...art_revid=1822
    while adding a delay to defend against passwd guessing

    So now it's just basically
    Code:
    return strcmp(input, template);
    like it should have been in the first place! Don't write complicated logic when you can use standard string functions. Even in a stand-alone program like GRUB where you have to provide your own strcmp.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules