2009/8/25 Vladimir 'phcoder' Serbinenko <phco...@gmail.com>:
>> However, that CVE is about grub leaving its passwords in memory.
>> Wiping memory used by grub should be fast - orders of magnitude faster
>> than loading the OS kernel for example.
> Actually this specific report is about BIOS leaving its keyboard
> buffer - you can find BIOS password there too. As BIOS is proprietary
> firmware whatever we do we can never ensure it being secure. Even the

Even if many BIOSes leave their password there it's not a reason to be as sloppy.

I am not particularly concerned about this issue but the BIOS typically requires a reboot after typing the password so if it is half-decently implemented it clears the buffer during initialization. If it does not it's not grub's concern, it should do its part by clearing its own sensitive data (if any).

Thanks

Michal

_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel