2

Kernels like linux-libre (standard in Debian and other free Linux distributions) ship no binary firmware packages by default.

From my limited understanding of their functionality, a binary firmware package, or "blob", is loaded onto the respective device and run on it, so it should not be executed on the host system.

Considering the packages are part of the root-system, is there a conceivable possibility that contents of the binary firmware could be directly run on the system with high privileges?

The concern being that binary firmware packages are not publically verifiable and usually automatically updated through software repositories to support newer devices, so they could potentially ship backdoors, keyloggers, a network tunnel or other malicious functionality at any point, if applicable.

Prototype700
  • 263
  • 2
  • 7
  • The problem with the firmware is that it is most likely not formatted like a ELF or PE executable. That means if you try to run it, the OS will not know what to do with it. –  May 20 '20 at 11:27
  • Even without running on your system, the firmware could still be backdoored. – multithr3at3d May 20 '20 at 13:20
  • @MechMK1, do you happen to know if the firmware has to be packaged in one of those formats? Wouldn't it be possible to include code to run on the system or does the way these files are handeled prevent that? – Prototype700 May 20 '20 at 18:46
  • @Prototype700 Anything is possible in theory. But as with all things, you have to ask yourself how much a theoretical possibility could theoretically harm you in theory. What really matters is if this is a risk in reality, and the problems with proprietary firmware are well-documented. –  May 20 '20 at 21:25
  • @MechMK1, yes, but there are different kinds of firmware. If you consider firmware running on a dedicated processor, initialising all hardware and having full access to all system resources, that's different from having a singular firmware blob loaded *onto* a VGA or NIC. I don't expect my DVD drive to be able to log my passwords and store or send them to an adversary. However, I don't know what's inside those blobs and if that's even a conceivable scenario - I'd assume that if nothing inside a firmware blob should even be executed on the host system, there would be security measures in place. – Prototype700 May 21 '20 at 00:31
  • @Prototype700 That depends what firmware it is. Your NIC has access to all your network trafic by default, and may actually have a bit more, depending on how it is designed (speak, DMA). Though you'd have to ask a bit more specifically for someone to be able to give a meaningful answer. –  May 21 '20 at 09:17

0 Answers0