Bug 457087
Summary: | grub/lilo: fails to sanitize keyboard buffer before and after reading password | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | bressers, pjones |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-03-22 15:42:35 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Tomas Hoger
2008-07-29 15:25:31 UTC
Jonathan's proposed solution: Implementing a chacking routine doing something like this, (this is real mode 16b asm, for nasm compiler) : ; zero 36b starting at address 0x40:0x1a xor ax,ax mov al, 0x40 mov ds, ax mov al, 0x1a mov si, ax mov cx, 0x24 xor al, al cleanall: mov [ds:si], ax loop cleanall and calling it _before_ and _after_ reading the password will fix both vulnerabilities. Opening bug, as all the information is public now via grub bug mailing list public archives: http://www.mail-archive.com/bug-grub@gnu.org/msg11628.html http://www.mail-archive.com/bug-grub@gnu.org/msg11629.html |