Bug#56821: [POSSIBLE GRAVE SECURITY HOLD]

To: Martijn van Oosterhout <kleptog@cupid.suninternet.com>
Cc: debian-devel@lists.debian.org, quinot@enst.fr, pb@enst.fr, 56821@bugs.debian.org, Huneycutt@greebo.debian.org, Doug <doug.huneycutt@lmco.com>, Adam Di Carlo <adam@onshore.com>, Samuel Tardieu <sam@debian.org>
Subject: Bug#56821: [POSSIBLE GRAVE SECURITY HOLD]
From: Anton Ivanov <aivanov@eu.level3.net>
Date: Wed, 02 Feb 2000 12:57:23 -0000 (GMT)
Message-id: <[🔎] XFMail.20000202125723.aivanov@eu.level3.net>
Reply-to: Anton Ivanov <aivanov@eu.level3.net>, 56821@bugs.debian.org
In-reply-to: <[🔎] 389823E6.37B56639@cupid.suninternet.com>

-----BEGIN PGP SIGNED MESSAGE-----


[snip]

> OTOH, if you have physical access to the machine is there really any
> security?

Some systems have some sort of "refuse to boot when tamered with" protection.
It is not so typical for PC's like in large iron, but f.e. Compaq's have it,
IBM has it as well, at least on some models. 

On these systems such an option makes sense. Otherwise it does not. You can
always circumvent it.

I think these make such a small percent of the market that they do not worth to
be considered a default. A separate package may as well do. Some of the
tampered/not tampered variables are readable via BIOS or IO calls on these
systems though usually getting docs on this is quite hard adn obviously may
require implementing a kernel module. 

- ----------------------------------
Anton R. Ivanov
IP Engineer Level3 Communications
RIPE: ARI2-RIPE      E-Mail: Anton Ivanov <aivanov@eu.level3.net>
@*** Laws of Gardening  (No 4 of 4) ***
      You get the most of what you need the least.

- ----------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iQEVAwUBOJgpsSlWAw/bM84zAQFbvQgAidLDhPEx7Fgi+1szAdiUC1Gs5L03FIq9
gNnF9MKVfOOZvGG4xtNP6KT1Jghs84czYVe8JVSE7g7DFmgFE6HSv18rFlhqIOJw
r8slWMxugRoX0ERXiQQDZXT9JATOPsbt3KTAgNBizDxI4nSEhX228TaRkGyag5bs
dM+57bwCx4ihVYDHmbCZmXHCIHCbmNEF0m/D72sEuOaCj63wUwwDjCIwAaH8yfYZ
J6k9n8X8SM4z7FlDtlYLuSLDVYr377KxWijt3onMDYu+24iuXPxNncxrHRkjLSKh
XU5rT7jo46NRoExmdDXSgjPY7gy9fz9UL5EM9cNymVDHhcxaul5r3g==
=iNSl
-----END PGP SIGNATURE-----

Reply to:

References:
- Bug#56821: [POSSIBLE GRAVE SECURITY HOLD]
  - From: Martijn van Oosterhout <kleptog@cupid.suninternet.com>

Prev by Date: Bug#56821: [POSSIBLE GRAVE SECURITY HOLD]
Next by Date: Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
Previous by thread: Bug#56821: [POSSIBLE GRAVE SECURITY HOLD]
Next by thread: Bug#56821: [POSSIBLE GRAVE SECURITY HOLD]
Index(es):
- Date
- Thread