GRUB, Linux and Bliss OS (Android)

Topic

New Reply

[doriel]

Hello friends,
Today when I was trying to test brand new discovery Bliss OS (Android for x86 PCs) I went through one question raised during installation:
If I want to enable GRUB or not. So I recalled the issues about how insecure it is, I went to few forums to snoop more wisdom. And I went to this artice

https://www.computerworld.com/article/3017202/gnu-linux-grub-backspace-28-itbwcw.html

that leads to this bombshell:

https://hothardware.com/news/hitting-backspace-28-times-grants-login-access-to-most-linux-systems

Anyone can confirm this?
I know, that in Android you unlock developper options including ADB (which I use) can be unlocked by clicking several times on the Android version. Someone with knowledge can do tricks, other do not have a chnace. But this is awesome, how many functions are hidden there?

And I have to say, that I did not make Bliss OS run on VMware. I tried some adjustments, but so far no success. I dont have spare machine at the moment to try physically.

Oficial statement is:

VMWare & VirtualBox is not officially supported

Available Bliss OS download at
https://sourceforge.net/projects/blissos-x86/

Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise

HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

PRUSA i3 MK3S+

• This topic was modified 4 years, 4 months ago by doriel.
• This topic was modified 4 years, 4 months ago by doriel.

Reply | Quote

Replies

? says:

not very nice! don’t need grub:

https://unix.stackexchange.com/questions/326944/when-wouldnt-you-want-to-install-grub-bootloader

i use Slax 9 from Tomáš Matějíček (CZ)  sometimes:

https://en.wikipedia.org/wiki/Slax

boots through syslinux…

1 user thanked author for this post.

doriel

Reply | Quote

doriel wrote:

Today when I was trying to test brand new discovery Bliss OS (Android for x86 PCs) I went through one question raised during installation:
If I want to enable GRUB or not. So I recalled the issues about how insecure it is

There have been a few security issues that have been discovered and quickly fixed, but that doesn’t mean GRUB “is” insecure. It’s the standard bootloader of most Linux distros, and it has a lot of eyes on it as a result. It’s good that bugs are found and fixed, and with Linux, this usually happens very quickly.

The security issue you listed was only relevant if the user has password protection turned on in GRUB itself (not in Linux), which I didn’t even know was an option until now. No distro I’ve encounted sets it up that way by default, and according to the comments, the issue was fixed before the article even went to “press” five years ago.

I wouldn’t be afraid of GRUB. I’m using it on all of my PCs, and it works well, including secure boot configurations, if that is what you wish, on all of the major distros and their derivatives. If an issue is discovered, it will be fixed.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

Reply | Quote

For me, nothing happened (GRUB 2.04) – maybe it needed something more than what the articles say to do…

The vulnerability should have been patched five years ago in GRUB source and propagated in active distributions which should be using the latest stable GRUB version (2.04).

Do you want them to go back to using LILO or write a custom loader?

Reply | Quote

but that doesn’t mean GRUB “is” insecure.

I agree, I dont buy all the statements of big players on the market forcing us into non-sensical release cadence. Its just an argument its only purpose is to create atmosphere of fear, so you should buy their latest products to “stay safe”. Otherwise could be realityI have no intention in doing that.

Look at this example: In this paranoic era of information technology when we ar eunder constant pressure how insecure our PC with Windows 7 is, how is it even possible to expose username in Skype meetings?

If you are not satisfied with something in your life, would you stick to it? I wouldnt.
If you are affraid of something would you let your fear win? I wouldnt.
If you dont know something would you learn it? I would.

Pople are ADDICTED to applications. Plus they are scared. Plus they fear learning something new. If I put three beautiful women into your bed, would you refuse because “you dont have that experiance and dont know how t handle that”? I wouldnt refuse for a second!

Thats why Im trying to discover as much as possible. I can install GRUB, im not affraid, I was just wondering what boot loader will be used.

Thanks @Ascaris and Anonymous. Im very interested in Slax now, cause Im from czech republic too
See you soon friends.

Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise

HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

PRUSA i3 MK3S+

Reply | Quote

Doriel,

You said :

Pople are ADDICTED to applications. Plus they are scared. Plus they fear learning something  new.  If I put three beautiful women into your bed, would you refuse because “you dont have that experiance and dont know how t handle that”? I wouldnt refuse for a second!

I really agree with you about people are scared !  They also want things to be easy to use as the most important feature which is directly opposite to security & privacy.  They also do not take ownership and responsibility as to how they change or use their digital devices.  Thus, when ransomeware gets installed, it is not due to anything that they have Not done or have done with their devices (usually there has been NO Backups done to the devices).  This is what I have experienced over the past, say thirty (30) years helping private citizens.

If the GRUB problem deals with the related BootHole reported insecurity, then from what I have read, regardless of distro, you need to have updated/upgraded to a more current version.  Here are some links :

https://betanews.com/2020/07/30/boothole-grub2-bootloder-vulnerability-windows-linux/

https://www.techspot.com/news/86181-flaw-grub2-bootloader-allows-hackers-bypass-secure-boot.html

From Memory, I believe that the Hacker needs physical access to your system, but that would be a bad thing in all circumstances.   I hope that these references helps you …

Regards,

xNavy73Dp

Reply | Quote