Re: security issue: hard disk lock

From: Vernon Mauery
Date: Tue Apr 05 2005 - 10:47:03 EST

Next message: Marcel Holtmann: "Re: [PATCH 00/04] Load keyspan firmware with hotplug"
Previous message: Denis Vlasenko: "Re: [2.6.12-rc1-mm4] swapped memset arguments"
In reply to: Chris Friesen: "Re: security issue: hard disk lock"
Next in thread: Jonas Diemer: "Re: security issue: hard disk lock"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Horst von Brand wrote:
> Jonas Diemer <diemer@xxxxxx> said:
>
> [...]
>
>
>>I figured there could be a kernel compiled-in option that will make the
>>kernel lock all drives found during bootup. then, a malicous program
>>would need to install a different kernel in order to harm the drive,
>>which would be much more secure.
>
>
> Doing it in initrd should be plenty of time, no need to involve the kernel.

Technically, according to the article, the only safe time to do it is in the BIOS or in one of their special safe CDs that freezes the drive before the boot loader loads. This makes sense because a particularly malicious place to put something like this is a worm that attaches to your boot loader. Then, even doing it in the kernel at boot time is too late.

--Vernon

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Marcel Holtmann: "Re: [PATCH 00/04] Load keyspan firmware with hotplug"
Previous message: Denis Vlasenko: "Re: [2.6.12-rc1-mm4] swapped memset arguments"
In reply to: Chris Friesen: "Re: security issue: hard disk lock"
Next in thread: Jonas Diemer: "Re: security issue: hard disk lock"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]