Circumventing kernel signing
Asheesh Laroia
asheesh at creativecommons.org
Thu Jan 3 02:20:26 EST 2008
On Thu, 3 Jan 2008, John Richard Moser wrote:
> I did not address the mass of other crap you could do to the system with
> root. I was only addressing evading the OFW security implementation for
> only booting signed OSes.
Here's another vector:
1. On a laptop that comes from the factory with the above security holes
fixed, install a current (as of Jan 2 2008) signed release (which is
signed with the same key, and therefore okay according to the XO).
2. Notice that it has (at least) the security holes described in this
thread.
3. kexec or modprobe your way to a different OS!
(4. Profit!)
-- Asheesh.
--
Mix a little foolishness with your serious plans; it's lovely to be silly
at the right moment.
-- Horace