Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > alt.os.development > #10003
| From | Rod Pemberton <NoHaveNotOne@zxdehrnyya.cam> |
|---|---|
| Newsgroups | alt.os.development |
| Subject | Re: FYSOS: The Graphical User Interface |
| Date | 2016-08-27 19:12 -0400 |
| Organization | Aioe.org NNTP Server |
| Message-ID | <20160827191211.45045e2c@_> (permalink) |
| References | (16 earlier) <npmeqp$lfe$1@dont-email.me> <npmi0l$12mr$1@gioia.aioe.org> <npmjmm$58b$1@dont-email.me> <npmp7f$1f9n$1@gioia.aioe.org> <nps2lp$pf2$1@dont-email.me> |
On Sat, 27 Aug 2016 13:56:25 +0100
James Harris <james.harris.1@gmail.com> wrote:
> On 25/08/2016 13:43, wolfgang kern wrote:
> > just check on the vector, if the seg-part is in the range of
> > 0xc000.. then you can be sure that this mean the video ROM.
>
> IIRC some machines allow RAM to be in that space. Others allow ROM to
> be shadowed by RAM. In either case, there could be malicious code
> there.
All my old machines have a BIOS setting that allows the BIOS to be
copied to RAM ("shadowed"). None of the motherboards I've purchased
since 2007 allow this. I tested my machines a few years ago in
order to see if the BIOS was in writable memory. I was hoping to
use this as one of many checks for emulation. None of the newer
machines had BIOS in writable RAM. The older machines had BIOS in
writable RAM only if the BIOS setting was enabled. Of course, this
should be for the 0xF000 and 0xE000 segments, not video 0xC000.
> >> Think about your own OS. Couldn't someone who understood its boot
> >> process provide the initial boot conditions the OS needs or
> >> expects?
> >
> > NO, such attempt would need a very strange modified BIOS.
>
> I cannot say what checks your OS carries out but here is a typical
> example of a boot process:
>
> 1. The boot loader places the kernel at the 1Mbyte mark.
>
> 2. The boot loader jumps to the kernel.
>
> 3. As long as the kernel has been started at the expected address it
> runs.
>
> In that example, there is nothing to stop a malicious program
> fiddling with the machine, inserting a step 1a, before starting the
> kernel.
Well, more like a step 0. I attempted to do something similar. It
wasn't malicious. I just wanted to change a vector before the OS and
bootloader ran so I could capture some info. The problem I had was
after my 7C00h code executed, I had problems getting the OS to boot
correctly. I'm sure it can be done reliably, but it may take some work
or details I didn't know.
> One thing such a malicious program could do is hook BIOS INTs. If it
> did, then a kernel breaking out to RM to issue BIOS calls would be
> compromised.
Hence, save a clean IVT copy when installing the OS.
> All that a hacker would need to know is the OS's boot process.
Changes can be detected by using a checksum. It's just a matter of
making sure the device is clean prior to installing the OS. The hacker
really has two choices 1) minimal intrusion which allows the OS to
function 2) major intrusion which would prevent the OS from working.
The first can be detected and fixed or blocked. The second allows the
malware can access the data but it can't transfer it without help from
the OS, but allows the malware to modify data stored on disks. It would
need to modify the OS to eliminate all traces of the initial intrusion,
create a back door so that the OS could boot cleanly, and then get the
OS to transfer or copy the data. E.g., bypass OS security to install
custom malware bootloader, reboot, patch OS or move data, reboot, not
be detected by the OS, OS executes patched code or hook, malware
transfers data to unprotected space or sends out over internet via
ethernet. While doable, this is a large amount of work. Bugs in the
OS, or zero day exploits, are an easier way in, and they're likely
needed to install the custom malware bootloader in the first place.
I.e., I think more effort should be spent on fixing OS bugs.
Rod Pemberton
Back to alt.os.development | Previous | Next — Previous in thread | Next in thread | Find similar
FYSOS: The Graphical User Interface "Benjamin David Lunt" <zfysz@fysnet.net> - 2016-07-08 11:52 -0700
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-16 11:00 +0200
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-16 11:14 +0100
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-16 19:07 +0200
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-16 19:42 +0100
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-16 21:32 +0200
Re: FYSOS: The Graphical User Interface Rod Pemberton <NoHaveNotOne@zxdehrnyya.cam> - 2016-08-16 23:22 -0400
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-17 13:50 +0200
Re: FYSOS: The Graphical User Interface Rod Pemberton <NoHaveNotOne@zxdehrnyya.cam> - 2016-08-18 01:41 -0400
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-18 10:47 +0200
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-17 08:45 +0100
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-17 13:57 +0200
Re: FYSOS: The Graphical User Interface Rod Pemberton <NoHaveNotOne@zxdehrnyya.cam> - 2016-08-18 01:47 -0400
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-18 10:59 +0200
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-18 11:37 +0100
Re: FYSOS: The Graphical User Interface Rod Pemberton <NoHaveNotOne@zxdehrnyya.cam> - 2016-08-18 17:38 -0400
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-19 10:03 +0100
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-19 22:34 +0200
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-22 17:43 +0100
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-22 19:04 +0200
Re: FYSOS: The Graphical User Interface "Rick C. Hodgin" <rick.c.hodgin@gmail.com> - 2016-08-16 04:18 -0700
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-16 12:25 +0100
Re: FYSOS: The Graphical User Interface "Rick C. Hodgin" <rick.c.hodgin@gmail.com> - 2016-08-16 04:41 -0700
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-16 19:19 +0200
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-16 19:14 +0200
Re: FYSOS: The Graphical User Interface "Benjamin David Lunt" <zfysz@fysnet.net> - 2016-08-16 19:24 -0700
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-17 12:26 +0200
Re: FYSOS: The Graphical User Interface "Mike Gonta" <mikegonta@gmail.com> - 2016-08-17 10:42 -0400
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-18 01:16 +0200
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-18 12:17 +0100
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-18 19:23 +0200
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-19 17:29 +0100
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-19 22:55 +0200
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-22 17:18 +0100
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-22 19:23 +0200
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-23 11:46 +0100
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-23 23:44 +0200
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-24 08:29 +0100
Re: FYSOS: The Graphical User Interface "Alexei A. Frounze" <alexfrunews@gmail.com> - 2016-08-24 02:39 -0700
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-24 17:43 +0100
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-24 11:25 +0200
Re: FYSOS: The Graphical User Interface Rod Pemberton <NoHaveNotOne@zxdehrnyya.cam> - 2016-08-23 17:50 -0400
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-24 09:14 +0100
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-24 12:39 +0200
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-25 10:46 +0100
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-25 12:40 +0200
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-25 12:10 +0100
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-25 14:43 +0200
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-27 13:56 +0100
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-27 15:59 +0200
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-27 17:03 +0100
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-27 22:43 +0200
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-28 09:22 +0100
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-28 11:51 +0200
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-28 13:08 +0100
Re: FYSOS: The Graphical User Interface Rod Pemberton <NoHaveNotOne@zxdehrnyya.cam> - 2016-08-27 19:12 -0400
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-28 10:41 +0200
Re: FYSOS: The Graphical User Interface Rod Pemberton <NoHaveNotOne@zxdehrnyya.cam> - 2016-08-28 08:48 -0400
Re: FYSOS: The Graphical User Interface Rod Pemberton <NoHaveNotOne@zxdehrnyya.cam> - 2016-08-27 19:12 -0400
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-28 10:16 +0100
Re: FYSOS: The Graphical User Interface Rod Pemberton <NoHaveNotOne@zxdehrnyya.cam> - 2016-08-28 08:46 -0400
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-28 18:45 +0100
Re: FYSOS: The Graphical User Interface Rod Pemberton <NoHaveNotOne@zxdehrnyya.cam> - 2016-08-28 17:51 -0400
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-29 07:55 +0100
Re: FYSOS: The Graphical User Interface Rod Pemberton <NoHaveNotOne@zxdehrnyya.cam> - 2016-08-29 06:40 -0400
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-31 06:43 +0100
Re: FYSOS: The Graphical User Interface Rod Pemberton <NoHaveNotOne@zxdehrnyya.cam> - 2016-08-24 07:00 -0400
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-25 11:37 +0100
Re: FYSOS: The Graphical User Interface Rod Pemberton <NoHaveNotOne@zxdehrnyya.cam> - 2016-08-25 18:45 -0400
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-26 10:00 +0200
Re: FYSOS: The Graphical User Interface Rod Pemberton <NoHaveNotOne@zxdehrnyya.cam> - 2016-08-26 16:16 -0400
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-27 15:10 +0200
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-27 17:59 +0100
Re: FYSOS: The Graphical User Interface Rod Pemberton <NoHaveNotOne@zxdehrnyya.cam> - 2016-08-27 19:11 -0400
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-28 10:56 +0100
Re: FYSOS: The Graphical User Interface Rod Pemberton <NoHaveNotOne@zxdehrnyya.cam> - 2016-08-28 08:45 -0400
Re: FYSOS: The Graphical User Interface "Benjamin David Lunt" <zfysz@fysnet.net> - 2016-08-17 20:12 -0700
csiph-web