Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://chaos.social/users/agowa338/statuses/114638178023516758">Klaus Frank (agowa338@chaos.social)'s status on Thursday, 12-Jun-2025 04:07:38 JST</a><a href="https://chaos.social/@agowa338" title="agowa338@chaos.social"><img src="https://gnusocial.jp/avatar/161170-48-20240513030312.webp" width="48" height="48" alt="Klaus Frank" style="position: absolute; left: 0; top: 0;">Klaus Frank</a><div><a href="https://fosstodon.org/@bluca/114637937113883720" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/121283" title="bluca@fosstodon.org">bluca</a></li><li><a href="https://gnusocial.jp/user/252638" title="siosm@floss.social">Timothée Ravier</a></li></ul></div></section><article><p><a href="https://fosstodon.org/@bluca">@bluca</a> <a href="https://mastodon.social/@pid_eins">@pid_eins</a> <a href="https://floss.social/@siosm">@siosm</a> <br>"for normal users" ArchLinux isn't necessarily for normal users.</p><p>What is worse in having the uefi signing keys compared to being able to place your malicious script within the build path of an UKI and thereby getting pulled in and (because you don't know about it) signed by you after entering the pin?<br>None. Both actions require the attacker having root permissions on your system...</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/5185703#notice-10172337">In conversation</a><time datetime="2025-06-12T04:07:38+09:00" title="Thursday, 12-Jun-2025 04:07:38 JST">about 12 days ago</time> <span>from <span><a href="https://gnusocial.jp/notice/10172337" rel="external" title="Sent from gnusocial.jp via ActivityPub">gnusocial.jp</a></span></span><a href="https://gnusocial.jp/notice/10172337">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Klaus Frank (agowa338@chaos.social)'s status on Thursday, 12-Jun-2025 04:07:38 JSTKlaus Frank
in reply to
@bluca @pid_eins @siosm
"for normal users" ArchLinux isn't necessarily for normal users.
What is worse in having the uefi signing keys compared to being able to place your malicious script within the build path of an UKI and thereby getting pulled in and (because you don't know about it) signed by you after entering the pin?
None. Both actions require the attacker having root permissions on your system...
In conversationabout 12 days ago from gnusocial.jppermalink

Public

Embed Notice

HTML Code

Corresponding Notice