Re: [OFFTOPIC] Re: /dev/nvram on my Celebris

Neil Conway (nconway.list@ukaea.org.uk)
Fri, 27 Nov 1998 11:08:22 +0000


Rafael Reilova wrote:
>
> On Thu, 26 Nov 1998, Neil Conway wrote:
>
> > On this (bios destruction by rogue root) thread, someone already
> > suggested that a reboot wasn't necessary.
> >
> > This presumably means using ioperm() etc. but I guess this would only
> > work if the BIOS reflash was controlled by I/O and not by memory map (or
> > both).
>
> It doesn't matter. Choose one of these:
>
> /proc/kcore
> /dev/mem
> /dev/kmem
> /dev/port
>
> If they don't exist create the /dev files with mknod, or do
>
> # insmod destroy_bios.o
>
> and run arbitrary code in kernel mode.
>
> This is just a sampling, there are plenty of other ways. Root can do
> anything, there is no way around it, get this into your head ;-)

Well, if we were *really* bothered about this, we could surely hardwire
the kernel never to write to certain pages, in such a way as to require
a reboot with a new kernel or at least a module to be loaded. Even root
can only get certain permissions by either loading modules (which get
priv mode in the chip) or by using device files for access to existing
drivers. Or I could still be talking rubbish. Couldn't
/dev/{mem|kmem|kcore} be hardwired to prevent BIOS flashing?

It's easy to prevent modules being loaded: don't compile the kernel with
support. It's also easy to prevent rebooting with a new kernel...

N
ps: naturally, we probably don't give a damn anyway, as the machine
would already be totally compromised, but it could save a few quid if
the BIOS were still intact after the attack.
