9th January 2017, 11:40
Quote:This vulnerability is specially serious in environments like libraries, ATMs, airport machines, labs, etc, where the whole boot process is protect (password in BIOS and GRUB) and we only have a keyboard or/and a mouseIt is exactly the opposite. Those who run a full disk encryption and need grub to decrypt the boot partition have nothing to worry as you then need to first crack the grub password/ decrypt stuff.
The issue in itself is not so major as some want to make it as even on systems with non encrypted /boot you have the option to access this non encrypted /boot (with physical access) and can modify the initrd to log keystrokes for example.
You are not able to access the / partition however as it is encrypted. As the busybox shell of initramfs is very basic you don't even get a text editor in it to modify the shell scripts.
Even simple network access is not something trivial to configure as at least in current iterations of debian and ubuntu a normal dhclient command will not make wget work with dns entries. So you still need an IP adress to download something malicious.
All in all this problem exists for several years already and I personally don't regard it as a bug but rather a debugging feature build into the initramfs scripts.
Btw. there is also the debug flag that allows you to go directly into initramfs if you want.