hi,
looping the u-boot maintainer in... what's your opinion on this, Vagrant?
On Tue, Mar 31, 2020 at 10:46:58PM +0200, Ola Lundqvist wrote:
> I would like to have some advice about the u-boot triaging.
> The problem is that someone can load an alternative configuration file
> and by that boot arbitrary code.
> I assume this means that the attacker must have physical access to the device.
>
> As I see it, this can be used to root devices that should not be
> possible to root.
>
> My question is whether you think this is worth fixing in Debian.
>
> I lean towards that we should consider this as a minor issue for
> Jessie but here I would like your opinion.
>
> Thank you in advance
>
> // Ola
(I'd agree this is not worth fixing in jessie if this needs physical access.)
--
cheers,
Holger
-------------------------------------------------------------------------------
holger@(debian|reproducible-builds|layer-acht).org
PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
Attachment:
signature.asc
Description: PGP signature