Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Mon, 20 Nov 2000 13:21:06 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Mon, 20 Nov 2000 13:20:56 -0500 Received: from 232-VALL-X7.libre.retevision.es ([62.83.213.232]:9088 "EHLO looping.es") by vger.kernel.org with ESMTP id ; Mon, 20 Nov 2000 13:20:41 -0500 Date: Mon, 20 Nov 2000 16:47:30 +0100 From: Ragnar Hojland Espinosa To: Dan Hollis Cc: David Woodhouse , Christer Weinigel , linux-kernel@vger.kernel.org Subject: Re: BTTV detection broken in 2.4.0-test11-pre5 Message-ID: <20001120164730.A176@macula.net> In-Reply-To: Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Mailer: Mutt 0.95.6i In-Reply-To: ; from Dan Hollis on Sun, Nov 19, 2000 at 07:00:41PM -0800 Organization: Mediocrity Naysayers Ltd X-Homepage: http://maculaisdeadsoimmovingit/lightside Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Nov 19, 2000 at 07:00:41PM -0800, Dan Hollis wrote: > On Mon, 20 Nov 2000, David Woodhouse wrote: > > On Sun, 19 Nov 2000, Dan Hollis wrote: > > > Writeprotect the flashbios with the motherboard jumper, and remove the > > > cmos battery. > > > Checkmate. :-) > > Only if you run your kernel XIP from the flash. If you load it into RAM, > > it's still possible for an attacker to modify it. You can load new code > > into the kernel even if the kernel doesn't make it easy for you by having > > CONFIG_MODULES defined. > > The original assertion made was that a script kiddie could modify the > kernel so you wouldnt be able to detect a rooted box even after a reboot. > > What I posted would stop that cold, 100%. Boot from writeprotected floppy, > writeprotect the flashbios, and remove the cmos battery. There was some patch floating around so you could boot a new kernel without having to reboot. And I'm guessing you could also "box" it into a plex86 vm. -- ____/| Ragnar H?jland Freedom - Linux - OpenGL Fingerprint 94C4B \ o.O| 2F0D27DE025BE2302C =(_)= "Thou shalt not follow the NULL pointer for 104B78C56 B72F0822 U chaos and madness await thee at its end." hkp://keys.pgp.com Handle via comment channels only. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org Please read the FAQ at http://www.tux.org/lkml/