[sf-lug] Boothole patch renders systems unbootable

Michael Paoli Michael.Paoli at cal.berkeley.edu
Sat Aug 1 02:44:37 PDT 2020


> From: "Ken Shaffer" <kenshaffer80 at gmail.com>
> Subject: Re: [sf-lug] Meeting on August 2, 2020?
> Date: Fri, 31 Jul 2020 08:55:11 -0700

> Red Hat Boothole patch renders systems unbootable. See
> https://access.redhat.com/solutions/5272311  Again, the media has
> overblown the threat, so don't panic and think about the threat, and
> still test before committing to production systems.

What could possibly go wrong?  A great big giant bloat of software.
It has a minor bug ... arguably (barely) a security bug.
http://linuxmafia.com/pipermail/conspire/2020-August/011015.html
But hey, a big kerfuffle in the press/media (slow news day?  Tired
of hearing about COVID-19 and Trump?)  Hey, we have an (itty bitty
teensy) bug ... let's write that up as a "severe" security bug. Uh huh.
And so it was.  So ... scramble to patch "severe" <cough, cough>
security bug in giant bloated piece of software and get it out
fast ... what could go wrong?  Oh, teensy security bug in
GRUB2 boot loader?  Sure, let's patch that fast and get it out
there right away.  What could go wrong?  Oh, now you've got a *real*
problem ... thousands, maybe millions or more computers ... that
can't boot.  "Oops."

And I'm presuming the screw-up atop screw-up was from upstream -
GNU's GRUB2 source ... as multiple distros were impacted by the
seriously flawed patch.  E.g. this sequence also caught my attention:
https://lists.debian.org/debian-security-announce/2020/msg00141.html
https://lists.debian.org/debian-security-announce/2020/msg00144.html
"update for grub2" ... "caused a boot-regression"



