Once someone has hacked in and is root, they can already do these things.
There is nothing stopping them from writing their own flash-bios writing
utility and executing it as root (or, if need be, writing it as a kernel
module and insmod'ing it). Adding it to the standard kernel source tree
only makes it a little easier for a malicious hacker who doesn't want to
take the trouble to write their own code.
..my $.02
Jason
jsh@truedesign.com
On Thu, 12 Feb 1998, Aaron Tiensivu wrote:
> I might be a little on the paranoid side about my system, but the prospect of
> having the flash bios open as a device to use bothers me. I'd assume that if it
> makes it into the official kernel, I hope that it is not included with default
> configurations. I can forsee a hacker breaking my box and nuking my flash bios.
> Not cool.
>
> Binding it to a SysReq key might make it a "local only" type of function, but
> I'm not sure how much real value /dev/flashbios has overall. Most BIOSs are
> issued by motherboard manufacturers with various flash utilities. There are a
> bunch of different types of flash bios's too, so, if you choose the wrong
> brand/type/etc, bye bye system (until you do the hot-bios swap).
>
> I might not be totally informed on this issue, so let me have it if I'm wrong
> with any of this. :)
>
> Just figured I'd voice my opinion.
>
> @
>
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.rutgers.edu
>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu