User Tools

Site Tools


articles:purism

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

articles:purism [2019/07/26 17:48]
carver created
articles:purism [2019/08/05 18:30] (current)
carver
Line 1: Line 1:
 ====== The Problem With Purism ====== ====== The Problem With Purism ======
-[[https://​puri.sm|Purism]] is a software development and hardware development company. They specialize in making open source hardware and software. They claim they are a [[https://​puri.sm/​enterprise|security company]] as well.+[[https://​puri.sm|Purism]] is a software development and hardware development company. They specialize in making open source hardware and software. They claim they are a [[https://​puri.sm/​enterprise|security company]] as well. However, all of their computers run on Linux and their phone has an unlocked bootloader. This is a giant security hole as anyone with root access can completely reflash the bootloader with a bootkit. All the user has to do is install a malicious package, they don't even have to run it. Because of how debian'​s dpkg works, .deb files can write to any file in the entire filesystem, including the kernel. So much for secure. Another way security can be compromised is with a shell command creating a malicious execuable called ''​apt''​ changing the ''​$PATH''​ in ''​.profile''​ to point to this malicious file. This means that whenever a update is preformed, the malicious executable is executed instead of the legitimate ''​apt''​ executable, providing the malicious executable with root access as ''​apt''​ is ran as root
articles/purism.txt ยท Last modified: 2019/08/05 18:30 by carver