[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: OT: what BIOS options are accessible (r/w) from the OS?



On Mon, Dec 23, 2002 at 10:26:17PM +0100, Timo --Blazko-- Boewing wrote:
> >>Btw.: what BIOS options can an OS read/set in general?
> > 
> > Give enough knowledge, root on your machine can set/read any option in
> > your BIOS.
> To this extend, this is quite new to me. In my "Windows days" i first
> heard of such things but was not aware that an OS can gain such
> influence on the BIOS / bypass it.

I think MS-DOS-based Windii still use BIOS calls to access disks, but
I'm fairly sure that the more modern ones, like Linux, will ignore it
and use their own drivers.  Thus, my kernel does not know or even care
if the disk is disabled or not.

Since my kernel has direct access to the hardware, it can alter the
non-volatile RAM that the BIOS uses to store these settings.  You can
too, if you're root.  Have a look at /dev/rtc sometime (IIRC).

> > keep down the number of things running as root.  Just unmount the disk
> > when you're not using it, and no one without root will be able to touch
> > it.  Of course, if someone gets root, they can do anything to your
> > machine, up to and including mounting drives, erasing files, installing
> ... yes, that was my first idea, but well - root. Security is always a
> compromise. I want to care ongoing about security but it shall not eat
> all my time (no lives depend on my data).
> But maybe i am going to install a simple power switch in the HDDs
> power cable... this shall render any attacker harmless. Physical
> detachment is the best way (just like with Computer M5 in Star Trek
> Classic :-) ) of protection.

You're on the right track here.  The only totally secure machine is one
that's unplugged from the network, hidden in a room and filled with
concrete.  Anything else is a compromise in the face of usability ;)
Seriously though, Debian is fairly secure.  If you're running stable
(Woody), an apt-get update while pointing at security.debian.org will be
enough for most everyone to be safe on the 'net.

-rob

Attachment: pgpihmxtVLxOC.pgp
Description: PGP signature


Reply to: