Breaking Into Linux

My special interest is computers. Let's talk geek here.
yogi
Posts: 9978
Joined: 14 Feb 2015, 21:49

Breaking Into Linux

Post by yogi »

An interesting article came to my attention recently explaining how 28 clicks of the backspace key will break into the grub 2 shell and make the system vulnerable. It's a grubby bug that can be fixed with some patches, but the point being made here is that Linux is not devoid of exploits. I've not tested this out yet, but fixes have already been distributed by the major distro builders. If you are a Linux user, hopefully you got yours.

http://lifehacker.com/you-can-break-int ... 1748370796
Kellemora
Guardian Angel
Posts: 7494
Joined: 16 Feb 2015, 17:54

Re: Breaking Into Linux

Post by Kellemora »

I just tried it Yogi. All it did was the same thing as hitting the back button in the browser, then it closed the browser and I was back at the desktop. I hit it about 40 times while on the desktop and nothing changed.
I'm on an older Debian 7 distro. I'll try it on Debian 8 and Mint 17 when I'm on those computers.

OK, just read the article. I will have to try it after I boot up a machine, and before I log-in.
Will let you know what I learn and what happens.
yogi
Posts: 9978
Joined: 14 Feb 2015, 21:49

Re: Breaking Into Linux

Post by yogi »

It reads as if the problem is actually with Grub more than Linux. But, once you are into the shell, then the entire system is compromised.
Kellemora
Guardian Angel
Posts: 7494
Joined: 16 Feb 2015, 17:54

Re: Breaking Into Linux

Post by Kellemora »

Sorry, I've not had a chance to do the tests I said I would do.
I spent the last three days in the hospital. The old ticker decided to act up again.
I had one 100% blockage, only this time it was to the same area of the heart the last heart attack took out, so no new damage, other than minimal was the result. I lucked out I guess.
I felt good enough to go home yesterday afternoon, but they wouldn't let me escape. Said I needed another night with no sleep and tons of more blood letting, hi hi...

Hopefully I'll get a chance to get back on schedule tomorrow!
yogi
Posts: 9978
Joined: 14 Feb 2015, 21:49

Re: Breaking Into Linux

Post by yogi »

Wow! I thought your absence was unusual, but it is the holidays and you are a busy person. I'm very glad that your hospital stay was minimal in spite of the potential seriousness of it all. I'm even more surprised that you feel up to using a computer after three days of blood letting. I'd be interested in knowing what you find out, but please take care of your own needs first. As far as I know, there is no way to reboot the hardware of the human body.
Kellemora
Guardian Angel
Posts: 7494
Joined: 16 Feb 2015, 17:54

Re: Breaking Into Linux

Post by Kellemora »

Thanks Yogi

For me, REST is being in my garage office away from all the hullabaloo, and parked in front of my computer.

I had to reboot one of my computers this morning, and before logging in, I tried the backspace clicks.
It does take me back to the Grub boot selection screen, but not to any Shell, Grub or otherwise.
Anyone who boots up a computer gets the Grub Selection Screen.
I also tried hitting the backspace key while in the Grub Selection screen, and kept hitting it until I was up to around fifty clicks of the key, nothing changed.

Thinking perhaps I may have already got the upgrade to prevent this, I also tried it on a computer that has not had Internet access now for a couple of years. It has Debian 6, Debian 7, and Windows XP, as the options from the Grub Screen. Even going to the Debian 6 log-in screen, then pounding on the backspace key only took it back to the Grub Screen and no further. On this older system, the only options from the Grub Screen are to select an OS, a Safe Mode OS, or reboot. On a reboot you have the option of going into the bios before Grub opens, but this is true of any computer.

It could be I only have Grub 1 instead of Grub 2 on all of my machines too. I honestly don't know which one I have. It is whatever the OS installed. Since I did install Debian 8, and Mint 17 to blank hard drives, they probably have Grub 2, and I will try them the next time I have to reboot one of those machines.

I'm doing OK. My heart attack this time was a blockage in the same artery which was blocked during my first heart attack which did all the damage to my heart in the first place. So this one did not really do any more damage, and was caught immediately. The doc was standing by my bed when my heart attack took place, and had me in the OR within 3 minutes, and back out again in under 20 minutes, having removed the blood clot in an existing stent and added a larger stent. He also changed the drug he had me on, thinking it didn't do what it was supposed to do, and didn't let the layer which was supposed to form over it, form, and allowed platelets to build up to form the clog.

I feel much better now than I did for the several weeks leading up to this second heart attack.
Like a slow moving kitchen drain which only got worse until it was cleared.
Good thing it wasn't the other artery or it would have caused damage to another area of my heart.
So, for once, I lucked out.

TTUL
Gary
yogi
Posts: 9978
Joined: 14 Feb 2015, 21:49

Re: Breaking Into Linux

Post by yogi »

it’s possible to bypass all security of a locked-down Linux machine by exploiting a bug in the Grub2 bootloader. Essentially, hitting backspace 28 times when the machine asks for your username accesses the “Grub rescue shell,”
Looks like it's a problem with Grub2 and only in the login screen at the username entry.

I read about vulnerabilities all the time and wonder if it's all theoretical or did somebody actually have problems with it. In my role as system admin on a Unix network I would get notifications several times a week about vulnerabilities and the appropriate patches to apply. I don't think Linux is any better than Unix and probably has more vulnerable entry points than we can suspect. How many of them are serious is another question.

If you do regular updates to your OS, then I'd suspect that any patches for this particular backspace problem have been applied. I suppose some research would reveal what the patch is all about, but do we really care? You did the right thing to test your systems for possible problems. No problem found means ... no problem. :mrgreen:

Apparently the human body has patches for its vulnerabilities as well. And, apparently the patches can cause as much trouble as the original problem, if not more. I'm always amazed at how simple some of the modern day miracles of medicine can be; angioplasty is one example. I know a few people who had it done and they were up and running again in a few days. I'm glad to hear you are feeling much better, and hopefully the new procedure fixed the clogging problem permanently.
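The quoted article ties the bug to the GRUB 2 username prompt, which only appears when GRUB password protection is configured, so the first things to check are which GRUB a machine runs and whether that prompt exists at all. The shell script below is an added example, not part of the thread; the function names are hypothetical and the config paths are the usual Debian/Mint locations, assumed here.

```shell
#!/bin/sh
# Added example (not from the thread): tell GRUB legacy from GRUB 2 and check
# whether GRUB 2 authentication, and so its username prompt, is enabled.

# classify_grub_cfg FILE -> legacy | grub2-auth | grub2-no-auth | unknown
classify_grub_cfg() {
    cfg=$1
    [ -r "$cfg" ] || { echo unknown; return 0; }
    # GRUB 2 configs use "menuentry" stanzas; GRUB legacy menu.lst uses "title".
    if grep -Eq '^[[:space:]]*menuentry[[:space:]]' "$cfg"; then
        # GRUB 2 prompts for a username only when "superusers" is set.
        if grep -Eq '^[[:space:]]*(set[[:space:]]+)?superusers=' "$cfg"; then
            echo grub2-auth
        else
            echo grub2-no-auth
        fi
    elif grep -Eq '^[[:space:]]*title[[:space:]]' "$cfg"; then
        echo legacy
    else
        echo unknown
    fi
}

# Check the usual Debian/Mint locations (assumed paths; other distros differ).
report_grub() {
    for f in /boot/grub/grub.cfg /boot/grub/menu.lst; do
        if [ -e "$f" ]; then
            printf '%s: %s\n' "$f" "$(classify_grub_cfg "$f")"
        fi
    done
    # Installed GRUB package versions, for comparison with the distro advisory.
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Package} ${Version}\n' 'grub*' 2>/dev/null || true
    fi
}

# Constructed sample: a GRUB 2 config with password protection switched on.
sample=$(mktemp)
cat > "$sample" <<'EOF'
set superusers="admin"
password_pbkdf2 admin grub.pbkdf2.sha512.10000.PLACEHOLDER
menuentry 'Debian GNU/Linux' { linux /vmlinuz root=/dev/sda1 ro }
EOF
echo "sample: $(classify_grub_cfg "$sample")"
rm -f "$sample"
report_grub
```

A result of `unknown` for an existing file usually means the config is readable only by root. A `grub2-auth` result means the machine does present the username prompt, so the installed GRUB package version should be compared against the distro's fixed version.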
Kellemora
Guardian Angel
Posts: 7494
Joined: 16 Feb 2015, 17:54

Re: Breaking Into Linux

Post by Kellemora »

Hi Yogi

I only rebooted one computer this morning with Debian 8.
It looks like if there was a patch it is already installed as you guessed.
I hit the backspace key at least 50 times and absolutely nothing happened.
I also tried it with the cursor in the password box, and in the username box, about 35 backspaces in each, still nothing.

I guess I'm going to have to die.
The new pills the doc prescribed, which are supposed to prevent what the other pills were supposed to prevent but didn't, have a very high price tag. Five Million Seven Hundred Thousand Dollars per the equivalent of one gallon.

This breaks down to $1,365.00 for 90 pills. Way over what I can afford to pay for pills. I don't make that much money.
yogi
Posts: 9978
Joined: 14 Feb 2015, 21:49

Re: Breaking Into Linux

Post by yogi »

The article I quoted is from an organization called LifeHacker. They deal with a lot of hacks that are not computer related and I sometimes wonder if the people writing for them really do their homework. In this case I'd give them the benefit of the doubt and presume Debian is one step ahead of the LifeHacker reports. Or, as sometimes happens, they report on rumors instead of fact.


I can't tell you anything more than you do not know already. I've read some of your stories about your past experiences with the health care system and I think you know what can and cannot be done. The rub in all this is that something to improve the quality of your life is out there and available, but only if you can afford to pay for it. That price tag for a gallon of the life saving juice probably is justified and it's made available to the public because the people who produced it expect a positive return on their investment. I can't blame them for any of that. Then again it seems utterly inhumane that anyone should be denied help because they don't have the net worth of Bill Gates. If there is a positive side to this situation it would be that you are no worse off than being on the old drugs. You have been experiencing a certain degree of "good luck" lately and my hope is that the trend will continue.
Kellemora
Guardian Angel
Posts: 7494
Joined: 16 Feb 2015, 17:54

Re: Breaking Into Linux

Post by Kellemora »

I have Debian 7 on two different computers, using a different set of repositories for each.
The one gets updates every few days, those kind which seemed to annoy you the most.
The other computer only gets an update about once every month, sometimes every other month, and not usually the same things the other computer updated, which I thought was strange, since they are both the stable version, not testing.
I asked about it a couple of times before I found out the reason.
The package maintainers version gets updated at every single change for everything installed in the computer.
Meaning at all change levels, 1, 2, 3, 4, & 5.
While my other computer which is rarely updated is only set up to update levels 1, & 2, unless I manually run Update and select the other levels myself.

On the drug companies. A new drug is patented, and often sells for a high price for the 17 years of the patent.
But lately it seems they make a minor improvement to an existing drug and get a new patent on it, and they seem to wait until the original patent is near expiration. Naturally only the improvement is patented, but it still keeps the entire formula from going generic. Then too, generic drugs are taking major price hikes lately.
As I mentioned on the other forum a bit ago, I never saw but a few rare cases where prescription drugs went much over 2 million dollars per gallon. Now thousands have jumped to the 4 million dollar and up range. Or like my newest one, almost 6 million dollars a gallon. These are not new drugs, but those which are still under patent, which took these sudden price hikes. And most of the generics are following suit with double to quadruple prices.

I do have the best drug plan I can get, but it doesn't help much when they keep moving the drugs up to a higher tier every year. What was on tier 2 in 2013 got moved up to tier 3 pricing in 2014, and now most are on tier 4 in 2015. I hate to see next year's Formulary when it comes out.