Re: Found, a new rootkit


 



Mikkel L. Ellertson wrote:
Mike McCarty wrote:

Tim wrote:

I don't have a single Linux box here that listens to the modem.  I'd
have to install a service to do so.  Your MS-DOS box is no more secure
than any of them, for that point of attack.


I respectfully disagree with you on this point. Your Linux
machine has a device driver for that device, while my MSDOS
machine does not. So you *do* have software listening to
that device, which software potentially has security compromising
defects. I have no software on my MSDOS machine which listens
to the serial port. So if I install a modem on it, it remains
relatively secure.


I fail to see the difference between the Linux driver for a serial
port, and the DOS driver for COM ports, at least as far as security
goes. Neither driver does anything unless there is a program

You are right, in regards to the software itself. The difference
is that MSDOS does not automatically install device drivers
for COM ports, whereas Linux does.

accessing them. The fact that the serial driver is built in with
MS-DOS, and may be loadable under Linux does not make much

There is no built-in serial driver in MSDOS. MSDOS sits on top
of the BIOS. The drivers themselves simply make BIOS calls.
Unless some software makes a call to the driver, then the
COM port just sits.

difference. If anything, Linux without the driver loaded would be
slightly more secure.

I don't follow this, but certainly Linux w/o the driver installed
would be as secure as MSDOS.

[snip]

The thing that you are overlooking is that DOS has drivers for most
of the standard hardware either built in, or accessible through the
system BIOS. If anything, accessing hardware through the system BIOS

If my MSDOS machine were connected, and someone bombarded the serial
port, all that would happen is that the bits would fall on the floor,
and the overrun error bit would get set in the UART. With Linux,
interrupts would be generated, and the driver would accept the bytes,
buffer them, and eventually dump the input. (Unless something has
changed since the last time I looked at the Linux serial drivers.)

can be more of a security risk. You never really know what is in the
BIOS. It is probably safe, as long as you are careful about updates.

Whatever is in the BIOS, it is still there when Linux is loaded.

Any time there is physical access, there is only *relative* security.

Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!

