Re: security issue: hard disk lock

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Llu, 2005-04-04 at 18:42, Jonas Diemer wrote:
> I figured there could be a kernel compiled-in option that will make the kernel 
> lock all drives found during bootup. then, a malicous program would need to 
> install a different kernel in order to harm the drive, which would be much 
> more secure.

It makes little difference as the attacker can replace the kernel and
reboot.
Anyway they can flash erase your video card bios, your IDE firmware,
your BIOS
and far more just as easily.

I wrote an analysis for the UK government a few years back about this
threat and concluded that a sufficiently malicious attacker and a
suitable hole would allow someone to wipe out large numbers of PCs on a
fairly permanent basis. We can just be glad that the folks writing stuff
like slammer mostly want either fame or are operating "commercially" (ie
DoS protection rackets, spam etc) so don't wish to kill their hosts.

>From an OS perspective it is very hard to protect against. Locking the
boot media can help providing the BIOS settings cannot be used to boot
another disk. Dropping CAP_SYS_RAWIO early in boot will protect against
most of the potential root user directly accesses the hardware type
attacks. hdparm can help but really it needs to be in the BIOS options
to make much difference so kick your pet BIOS vendor/PC maker.

Alan

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux