hi, looping the u-boot maintainer in... what's your opinion on this, Vagrant? On Tue, Mar 31, 2020 at 10:46:58PM +0200, Ola Lundqvist wrote: > I would like to have some advice about the u-boot triaging. > The problem is that someone can load an alternative configuration file > and by that boot arbitrary code. > I assume this means that the attacker must have physical access to the device. > > As I see it, this can be used to root devices that should not be > possible to root. > > My question is whether you think this is worth fixing in Debian. > > I lean towards that we should consider this as a minor issue for > Jessie but here I would like your opinion. > > Thank you in advance > > // Ola (I'd agree this is not worth fixing in jessie if this needs physical access.) -- cheers, Holger ------------------------------------------------------------------------------- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
Attachment:
signature.asc
Description: PGP signature