Author Topic: [Sec-Update] 2015-12-18 - Grub Back to 28 fix  (Read 2320 times)


Offline philm

  • Core Team
  • *****
  • Posts: 10671
    • Manjaro Linux
  • Branch: Unstable
  • Desktop: XFCE
  • GPU Card: Geforce GTX 650
  • GPU driver: non-free
  • Kernel: Maintainer - so all ;)
  • Skill: Guru
[Sec-Update] 2015-12-18 - Grub Back to 28 fix
« on: 18. December 2015, 21:24:08 »


Hitting a key over and over again actually works for once. Two security researchers in Spain recently uncovered a strange bug that will let you into most Linux machines just by hitting the backspace key 28 times. Here’s how to fix it and keep your data protected.

The researchers, Hector Marco and Ismael Ripoll from the Cybersecurity Group at Polytechnic University of Valencia, found that it’s possible to bypass all security of a locked-down Linux machine by exploiting a bug in the Grub2 bootloader. Essentially, hitting backspace 28 times when the machine asks for your username accesses the “Grub rescue shell,” and once there, you can access the computer’s data or install malware. To fix it, please update grub on all your machines running Manjaro. If you want more information about this issue you can read this.

Code: [Select]
sudo pacman -Sy grub

Offline philm

Re: [Sec-Update] 2015-12-18 - Grub Back to 28 fix
« Reply #1 on: 18. December 2015, 21:29:41 »
If your mirror has not synced yet, you can also get grub from here:

Code: [Select]
sudo pacman -U http://mirror.netzspielplatz.de/manjaro/packages/pool/overlay/grub-2.02.beta2-14-$(uname -m).pkg.tar.xz

Offline LA-MJ

  • Newbie
  • *
  • Posts: 48
  • Skill: Intermediate
Re: [Sec-Update] 2015-12-18 - Grub Back to 28 fix
« Reply #2 on: 19. December 2015, 07:23:02 »
It's so funny it hurts...  :o

Offline philm

Re: [Sec-Update] 2015-12-18 - Grub Back to 28 fix
« Reply #3 on: 19. December 2015, 10:26:35 »
Yeah, really funny. It took a while to find it. Versions from 1.98 (December, 2009) to 2.02 (December, 2015) are affected by this ;)

Offline CyberWolf2k14

  • Hero Member
  • *****
  • Posts: 1184
  • Computers make very fast, very accurate mistakes.
  • Branch: Stable-sysd229-LightDM
  • Desktop: MATE/Cinnamon/GNOME
  • GPU Card: nVidia GeForce GT740
  • GPU driver: nVidia-NF-364.19
  • Kernel: 4.4.9x64 / 4.2.8.9x64 / 4.1.23x64
  • Skill: Intermediate
Re: [Sec-Update] 2015-12-18 - Grub Back to 28 fix
« Reply #4 on: 19. December 2015, 13:49:10 »
Update installed smoothly...BUT
It did the same as the most recent MEGA sized update.... My GRUB menu had multiple copies of each entry, requiring me to use grub customizer to fix.
Of course after the fix all was indeed quite well in the universe (at least my end of it that is).
 ;D 8)
PowerSpec Quad core Intel Core i5-4690K w/ 16GB RAM
Dual Boot = Win 7 Ult x64 and Manjaro 15.12 x64
===================================================
"A computer lets you make more mistakes faster than any invention in human history...
with the possible exceptions of handguns and tequila".

Offline philm

Re: [Sec-Update] 2015-12-18 - Grub Back to 28 fix
« Reply #5 on: 05. January 2016, 10:05:13 »
Thx for the feedback.

Offline gohlip

  • Hero Member
  • *****
  • Posts: 1689
  • Desktop: OpenBox
  • GPU Card: nvidia
  • GPU driver: nonfree
  • Kernel: linux46 - x64
  • Skill: Intermediate
Re: [Sec-Update] 2015-12-18 - Grub Back to 28 fix
« Reply #6 on: 05. January 2016, 10:36:17 »
First, this 'backspace 28' affects those who use a grub password; it has no effect on those who don't use a grub password (obviously, ain't it?).
Anyway, it has been fixed.

Now, as to double entries, it will affect those who use grub-customizer (has nothing to do with this 'backspace 28' nor the latest grub-update).
Anyone using grub-customizer will always have double entries after a grub update.
And he/she needs to go back to grub-customizer to fix these double entries.
Especially watch out after a kernel upgrade so the latest kernel is used instead of the old one (again, especially say, 4.4 rc3 to 4.4 rc4).
So repeat, nothing to do with 'backspace 28' or latest grub update, just the nature of grub-customizer.


disclosure:  tried grub-customizer about a few months ago to understand this xxxx .
     uninstalled it already, but after uninstalling, users still need to clean up some mess, like 'prefix-<something> and custom<40 something>' otherwise this 'double entendre' will still happen.
« Last Edit: 05. January 2016, 10:40:55 by gohlip »
Life is a sexually transmitted disease with a 100% mortality rate.

Offline thrasymachus

  • Newbie
  • *
  • Posts: 11
  • I'm new. Be nice!
  • Desktop: Awesome WM
  • Skill: Intermediate
Re: [Sec-Update] 2015-12-18 - Grub Back to 28 fix
« Reply #7 on: 06. January 2016, 02:44:07 »
All smooth for me, running Manjaro with OpenRC...

Offline gerstavros

  • Jr. Member
  • **
  • Posts: 84
  • Branch: stable
  • Desktop: KDE5
  • GPU Card: AMD R5 230
  • GPU driver: Fglrx (non-free)
  • Kernel: 4.4.2-1
  • Skill: Advanced
Re: [Sec-Update] 2015-12-18 - Grub Back to 28 fix
« Reply #8 on: 07. January 2016, 14:52:01 »
I'm writing it here because for an unknown reason I cannot open a new topic...
Yesterday my Manjaro did some updates including an update of grub (not the one of December for the 28 bug, but a newer one).
After that, I cannot boot Manjaro.
Here is what the entry looks like. The odd thing is that the system is on the 4th partition of the disk, but I'm not sure what was before the entry

The errors in boot from grub (here I tried to find and run grub-install but couldn't find the binary in any folder)

And the error and kernel panic after trying manual boot from grub2 recovery disk

Any help appreciated, because it's a serious problem for my work and studies

Offline AJSlye

  • Maintainer
  • ***
  • Posts: 4298
  • Netrunner Rolling Edition moderator / maintainer
  • Branch: Stable / Testing / Unstable
  • Desktop: Netrunner Rolling
  • GPU Card: Intel
  • GPU driver: Intel
  • Kernel: 4.4.1-1-MANJARO x86_64 (64 bit)
  • Skill: Guru
Re: [Sec-Update] 2015-12-18 - Grub Back to 28 fix
« Reply #9 on: 07. January 2016, 15:03:59 »
Looks like your partition UUID changed and it can't find root.
Do you have an encrypted partition?

Offline gerstavros

Re: [Sec-Update] 2015-12-18 - Grub Back to 28 fix
« Reply #10 on: 07. January 2016, 15:11:58 »
> Looks like your partition UUID changed and it can't find root.
> Do you have an encrypted partition?

Thank you for the answer. I don't have an encrypted partition, and I haven't changed anything on the disks or partitions.
Today I tried to boot a Parted Magic live CD that I often use for servicing, to check the UUID of the partition, but it suddenly doesn't recognize my disk. I'll try with another live CD.

Offline gerstavros

Re: [Sec-Update] 2015-12-18 - Grub Back to 28 fix
« Reply #11 on: 07. January 2016, 16:10:59 »
Well, the problem is much more serious than I thought. My SSD, where Windows and Manjaro are installed, is suddenly not recognized by any Linux distro, neither the installed Manjaro nor any live CD. BIOS and Windows see it correctly, but Linux doesn't. Where can I find help for this issue? I Googled it already and found nothing.

Offline gohlip

Re: [Sec-Update] 2015-12-18 - Grub Back to 28 fix
« Reply #12 on: 07. January 2016, 16:42:15 »
Well, I hope you can still get to your grub entry (you didn't say).
At that Manjaro entry, press 'e'.
Arrow down to that linux line and go to the end.
Backspace to remove "resume=UUID=xxxxxxxxxxxxxx quiet splash"
Leaving just "linux /boot/vmlinuz-4.1-x86_64 root=UUID=xxxxxxxxxxxxxxxx rw"
Press F10 to boot.

If booted okay, there are a few things you need to do.
But do this first. Let us know.

Offline philm

Re: [Sec-Update] 2015-12-18 - Grub Back to 28 fix
« Reply #13 on: 07. January 2016, 17:08:20 »
@gerstavros: UUIDs are unique to the hard drive to define them even when you change their port on your mainboard. blkid should print them out:

Code: [Select]
sudo blkid
/dev/sda2: LABEL="swap" UUID="6dd17673-7ddb-4fd5-9c83-e3ef0116a872" TYPE="swap" PARTUUID="48afb528-02"
/dev/sda5: LABEL="root" UUID="d515079a-57d4-4aa9-9a18-c75e7776ace6" TYPE="ext4" PARTUUID="48afb528-05"
/dev/sda6: LABEL="root64" UUID="fcd883f2-5d60-4b71-9d17-1a24e210d2b6" TYPE="ext4" PARTUUID="48afb528-06"
/dev/sda7: LABEL="home" UUID="02b039ac-cc48-45a7-9f0b-61abb5360899" TYPE="ext4" PARTUUID="48afb528-07"
/dev/sdb1: UUID="2015-09-27-09-08-34-00" LABEL="MJRO1509" TYPE="iso9660" PTUUID="62c54f02" PTTYPE="dos" PARTUUID="62c54f02-01"
/dev/sdb2: SEC_TYPE="msdos" LABEL="MISO_EFI" UUID="D5B0-8AE8" TYPE="vfat" PARTUUID="62c54f02-02"

As you can see you can also use the devices as in /dev/sda5 for the root partition which is UUID="d515079a-57d4-4aa9-9a18-c75e7776ace6" in my case.

So changing from:

Code: [Select]
menuentry 'Manjaro Linux (Kernel: 4.1.15-1-MANJARO x64 - fallback initramfs)' --class manjaro --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-4.1.15-1-MANJARO x64-fallback-fcd883f2-5d60-4b71-9d17-1a24e210d2b6' {
load_video
set gfxpayload=keep
insmod gzio
insmod part_msdos
insmod ext2
set root='hd0,msdos6'
if [ x$feature_platform_search_hint = xy ]; then
  search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos6 --hint-efi=hd0,msdos6 --hint-baremetal=ahci0,msdos6  fcd883f2-5d60-4b71-9d17-1a24e210d2b6
else
  search --no-floppy --fs-uuid --set=root fcd883f2-5d60-4b71-9d17-1a24e210d2b6
fi
echo 'Linux 4.1.15-1-MANJARO x64 wird geladen …'
linux /boot/vmlinuz-4.1-x86_64 root=UUID=fcd883f2-5d60-4b71-9d17-1a24e210d2b6 rw  resume=UUID=6dd17673-7ddb-4fd5-9c83-e3ef0116a872 quiet splash
echo 'Initiale Ramdisk wird geladen …'
initrd /boot/intel-ucode.img /boot/initramfs-4.1-x86_64-fallback.img
}

to the following might help by using /dev/sdaX instead of UUID:

Code: [Select]
menuentry 'Manjaro Linux (Kernel: 4.1.15-1-MANJARO x64 - fallback initramfs)' --class manjaro --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-4.1.15-1-MANJARO x64-fallback-fcd883f2-5d60-4b71-9d17-1a24e210d2b6' {
load_video
set gfxpayload=keep
insmod gzio
insmod part_msdos
insmod ext2
set root='hd0,msdos6'
if [ x$feature_platform_search_hint = xy ]; then
  search --no-floppy --fs-uuid --set=root --hint-bios=hd0,msdos6 --hint-efi=hd0,msdos6 --hint-baremetal=ahci0,msdos6  fcd883f2-5d60-4b71-9d17-1a24e210d2b6
else
  search --no-floppy --fs-uuid --set=root fcd883f2-5d60-4b71-9d17-1a24e210d2b6
fi
echo 'Linux 4.1.15-1-MANJARO x64 wird geladen …'
linux /boot/vmlinuz-4.1-x86_64 root=/dev/sda6 rw  resume=/dev/sda2 quiet splash
echo 'Initiale Ramdisk wird geladen …'
initrd /boot/intel-ucode.img /boot/initramfs-4.1-x86_64-fallback.img
}

However it would be good to check if they have changed in any way first. It is odd that you're not able to detect them with any Linux distro.
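
One way to do the check suggested in the post above, as an added example that is not part of philm's post: the functions compare the UUIDs a grub.cfg refers to with the ones blkid reports. The function names, the temporary file names and the replacement swap UUID in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: list UUIDs that grub.cfg refers to but blkid does not report.

# UUIDs referenced in a grub.cfg: root=UUID= / resume=UUID= kernel arguments
# and the last field of "search --fs-uuid" lines.
grub_cfg_uuids() {
    awk '
        { for (i = 1; i <= NF; i++)
              if ($i ~ /^(root|resume)=UUID=/) {
                  u = $i; sub(/^(root|resume)=UUID=/, "", u); print u
              }
        }
        $1 == "search" && /--fs-uuid/ { print $NF }
    ' "$1" | sort -u
}

# Filesystem UUIDs in saved blkid output (UUID= only, not PARTUUID=/PTUUID=).
blkid_uuids() {
    awk '{ for (i = 1; i <= NF; i++)
               if ($i ~ /^UUID="/) { u = $i; gsub(/^UUID="|"$/, "", u); print u } }
    ' "$1" | sort -u
}

# Usage: stale_uuids GRUB_CFG BLKID_OUTPUT  -> prints one stale UUID per line
stale_uuids() {
    cfg_list=$(mktemp); blk_list=$(mktemp)
    grub_cfg_uuids "$1" > "$cfg_list"
    blkid_uuids "$2" > "$blk_list"
    comm -23 "$cfg_list" "$blk_list"      # in grub.cfg, missing from blkid
    rm -f "$cfg_list" "$blk_list"
}

# Constructed sample: lines modelled on the menuentry and blkid output in the
# post, with the swap UUID replaced by a made-up value so resume= is stale.
demo_dir=$(mktemp -d)
cat > "$demo_dir/grub.cfg" <<'EOF'
  search --no-floppy --fs-uuid --set=root fcd883f2-5d60-4b71-9d17-1a24e210d2b6
linux /boot/vmlinuz-4.1-x86_64 root=UUID=fcd883f2-5d60-4b71-9d17-1a24e210d2b6 rw  resume=UUID=6dd17673-7ddb-4fd5-9c83-e3ef0116a872 quiet splash
EOF
cat > "$demo_dir/blkid.txt" <<'EOF'
/dev/sda2: LABEL="swap" UUID="00000000-0000-4000-8000-000000000001" TYPE="swap" PARTUUID="48afb528-02"
/dev/sda6: LABEL="root64" UUID="fcd883f2-5d60-4b71-9d17-1a24e210d2b6" TYPE="ext4" PARTUUID="48afb528-06"
EOF
stale_uuids "$demo_dir/grub.cfg" "$demo_dir/blkid.txt"
```

On a real system, save the output of `sudo blkid` to a file and pass `/boot/grub/grub.cfg` as the first argument; an empty result means every referenced UUID is still present.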

Offline gohlip

Re: [Sec-Update] 2015-12-18 - Grub Back to 28 fix
« Reply #14 on: 07. January 2016, 17:16:27 »
As philm says, the UUID should not have changed. But in case it did in your case (for root - shouldn't be, maybe swap, that's why I asked you to do the above in case the swap UUID changed), you can do the following.

Press 'c' at the grub menu. You will get to a grub prompt (grub>).
Type in the following:
Code: [Select]
search -f /boot/intel-ucode.img

Get any input?
If yes, continue with the following:


Code: [Select]
search -f /boot/intel-ucode.img --set=root
probe -u $root --set=abc
linux /boot/vmlinuz-4.1-x86_64 root=UUID=$abc rw
initrd /boot/initramfs-4.1-x86_64.img
boot