On Mon, Dec 23, 2002 at 10:26:17PM +0100, Timo --Blazko-- Boewing wrote: > >>Btw.: what BIOS options can an OS read/set in general? > > > > Give enough knowledge, root on your machine can set/read any option in > > your BIOS. > To this extend, this is quite new to me. In my "Windows days" i first > heard of such things but was not aware that an OS can gain such > influence on the BIOS / bypass it. I think MS-DOS-based Windii still use BIOS calls to access disks, but I'm fairly sure that the more modern ones, like Linux, will ignore it and use their own drivers. Thus, my kernel does not know or even care if the disk is disabled or not. Since my kernel has direct access to the hardware, it can alter the non-volatile RAM that the BIOS uses to store these settings. You can too, if you're root. Have a look at /dev/rtc sometime (IIRC). > > keep down the number of things running as root. Just unmount the disk > > when you're not using it, and no one without root will be able to touch > > it. Of course, if someone gets root, they can do anything to your > > machine, up to and including mounting drives, erasing files, installing > ... yes, that was my first idea, but well - root. Security is always a > compromise. I want to care ongoing about security but it shall not eat > all my time (no lives depend on my data). > But maybe i am going to install a simple power switch in the HDDs > power cable... this shall render any attacker harmless. Physical > detachment is the best way (just like with Computer M5 in Star Trek > Classic :-) ) of protection. You're on the right track here. The only totally secure machine is one that's unplugged from the network, hidden in a room and filled with concrete. Anything else is a compromise in the face of usability ;) Seriously though, Debian is fairly secure. If you're running stable (Woody), an apt-get update while pointing at security.debian.org will be enough for most everyone to be safe on the 'net. -rob
Attachment:
pgpymF9uNbcZk.pgp
Description: PGP signature