Moogs Posted May 11, 2014 Share #1 Posted May 11, 2014 First off I just want to preface this with saying I am very appreciative of the efforts on the XPE project but now with another boot option coming to fruition, nanoboot from a Chinese site, I wanted to ask about security. Has anyone been curious if there are security issues with any of these options? They all require their own pat files and I imagine with that there can be backdoor vulnerabilities created. How do we know people aren't baking trojans into this software? Link to comment Share on other sites More sharing options...
Schnapps Posted May 11, 2014 Share #2 Posted May 11, 2014 Good question. I don't know how to check it so I will take it for granted. Sent from my iPhone using Tapatalk Link to comment Share on other sites More sharing options...
Dfds Posted May 12, 2014 Share #3 Posted May 12, 2014 First off I just want to preface this with saying I am very appreciative of the efforts on the XPE project but now with another boot option coming to fruition, nanoboot from a Chinese site, I wanted to ask about security. Has anyone been curious if there are security issues with any of these options? They all require their own pat files and I imagine with that there can be backdoor vulnerabilities created. How do we know people aren't baking trojans into this software? Actually gnoboot uses Synologys's pat file, not sure about nanobbot as I haven't tried it. As for Trantor, yes it does require his modified pat file, but I've been using his versions for quite some time now & thus far have no reason to doubt him. Link to comment Share on other sites More sharing options...
Schnapps Posted May 12, 2014 Share #4 Posted May 12, 2014 Nanoboot last version uses original pat files. Sent from my iPhone using Tapatalk Link to comment Share on other sites More sharing options...
Moogs Posted May 12, 2014 Author Share #5 Posted May 12, 2014 ahh that's comforting. Thanks! Link to comment Share on other sites More sharing options...
GatekeeperZA Posted May 13, 2014 Share #6 Posted May 13, 2014 Ill stick to GnoBoot I feel safe with what he is putting out. Link to comment Share on other sites More sharing options...
fma965 Posted May 13, 2014 Share #7 Posted May 13, 2014 Ill stick to GnoBoot I feel safe with what he is putting out. in my opinion gnoboot is dead, no activity from him in a while, nanoboot is faster and is based on 5.0 source so better... but its ofcourse up to you xD but since you commented on my site im guessing your tempted haha xD Link to comment Share on other sites More sharing options...
Moogs Posted May 14, 2014 Author Share #8 Posted May 14, 2014 Nanoboot last version uses original pat files. So it seems referencing some of the latest discussion in the nanoboot thread that bootloaders can manipulate the pat files regardless of their source. The case in point is where nanoboot slipstreams old 4458 files into the 4482 to "make it work" where it's really copying files from an older build. This to me means that anything can be moved over to the system from the bootloader software. Now that there's a release that supports LSI 9211 and Intel l210 NICs I'll give it a go and see if I can audit the communication outbound. Link to comment Share on other sites More sharing options...
Recommended Posts