Groups | Search | Server Info | Login | Register
Groups > comp.os.linux.misc > #37679
| Subject | Re: uefi malware--threat to all? |
|---|---|
| Newsgroups | comp.os.linux.misc |
| References | (10 earlier) <191638ac475fb3327cbd4c3743205b13@msgid.frell.theremailer.net> <-6mdnQ6m2uggf735nZ2dnZfqnPudnZ2d@earthlink.com> <6357fjxeds.ln2@Telcontar.valinor> <ENCdnS7LU6kYlLz5nZ2dnZfqn_ednZ2d@earthlink.com> <p658fjx284.ln2@Telcontar.valinor> |
| From | "27E.G756" <27E.G756@noq24u.net> |
| Organization | anode intersection |
| Date | 2023-03-28 01:09 -0400 |
| Message-ID | <ssGdnbGqbuzy67_5nZ2dnZfqn_SdnZ2d@earthlink.com> (permalink) |
On 3/27/23 5:45 AM, Carlos E.R. wrote: > On 2023-03-27 05:11, 27E.G756 wrote: >> On 3/26/23 8:37 PM, Carlos E.R. wrote: >>> On 2023-03-27 02:26, 27E.G756 wrote: >>>> On 3/24/23 8:58 PM, Fritz Wuehler wrote: >>>>> jeshgrca <jeshg...@gmail.com> [j]: >>>>> j> "A programmer has a problem and thinks "I know! I'll use >>>>> sed(1)!" Now >>>>> j> the programmer has two problems." >>>>> >>>>> If 'sed' isn't one's cup of tea, there are other similar tools out >>>>> there >>>>> such as 'msrp', 'binmay', or in a pinch 'm4' to choose from. >>>>> >>>>> Replacing a bunch of fixed strings and numbers in a pre-recorded macro >>>>> script file isn't exactly rocket science. >>>> >>>> Careful ... I did that to a long script and ONE entry >>>> was "different" - and it erased the box :-) >>>> >>>> Yes, that CAN happen ... it was a 'reverse' of "rsync --delete" >>>> and finding blank 'source' files due to the error it proceeded >>>> to erase all the "obsolete" files it could get to ... >>> >>> Whoa! that happened to me. Run rsync --delete on the wrong backup >>> set. And deleted the original instead. >> >> In this case there were many live links open - including >> to an NAS. >> >> So guess ... >> >> GOOD reason to keep LOTS of backups here there and everywhere ! >> Storage is cheap these days. >> >> These days I open source NAS/cifs mounts READ-ONLY for backups, >> just in case, and only one at a time. > > > Yeah, well... I was creating the backups and verifying them. And any > way, what I deleted was the source! My case was ONE backup job that was just a *little bit* "different" and the search-n-replace didn't get it exactly right. Very subtle error but ........ Not even clear how to add the required IQ to ensure such evil cannot proceed. Hmmmm ... ok .... here's a dead practical question about achieving maximum 'isolation' during things like iffy backups. You cannot mount a subdir of a drive directly because the subdirs don't exist until the whole drive is mounted somewhere ..... ie "mount -t ext4 /dev/sdb1/mystuff" doesn't work. (actually safer to UUID= mounts because BIOS tends to move 'sdN' numbers around). You can use SAMBA/CIFS and mount a specific subdir, but that only works because Samba is mounting the entire drive *somewhere* and then feeding you the subdirs. Going thru Samba also slows things down 30-50% because of the overhead. The DESIRED outcome is to ONLY mount the subdir so wacko programs can't get to the whole drive never ever. Yea, you can mount the whole drive *somewhere* but, somewhere, it's all still exposed. The crash I described spread *everywhere* - every link, every mountpoint, on the whole machine and thus beyond. The only sort-of fix is to run the backups as a kinda restricted user ... but that often takes some doing, lots of permissions to set up. Can be kind of a mess to properly document. What I did was just at least mount the source as read-only. That limits the damage something like rsync --delete can do at least in the 'backwards' direction. Might not always work in the 'forwards' direction alas.
Back to comp.os.linux.misc | Previous | Next — Previous in thread | Next in thread | Find similar
uefi malware--threat to all? pH <wNOSPAMp@gmail.org> - 2023-03-06 18:13 +0000
Re: uefi malware--threat to all? Richard Kettlewell <invalid@invalid.invalid> - 2023-03-06 19:14 +0000
Re: uefi malware--threat to all? Marco Moock <mo01@posteo.de> - 2023-03-06 21:07 +0100
Re: uefi malware--threat to all? pH <wNOSPAMp@gmail.org> - 2023-03-07 00:36 +0000
Re: uefi malware--threat to all? "28B.I874" <28B.I874@noabzba.net> - 2023-03-06 20:10 -0500
Re: uefi malware--threat to all? Bobbie Sellers <bliss@mouse-potato.com> - 2023-03-06 17:11 -0800
Re: uefi malware--threat to all? "28B.I874" <28B.I874@noabzba.net> - 2023-03-07 00:46 -0500
Re: uefi malware--threat to all? Marco Moock <mo01@posteo.de> - 2023-03-07 08:42 +0100
Re: uefi malware--threat to all? Bobbie Sellers <bliss@mouse-potato.com> - 2023-03-07 08:01 -0800
Re: uefi malware--threat to all? The Natural Philosopher <tnp@invalid.invalid> - 2023-03-07 16:49 +0000
Re: uefi malware--threat to all? Marco Moock <mo01@posteo.de> - 2023-03-07 19:08 +0100
Re: uefi malware--threat to all? Bobbie Sellers <bliss@mouse-potato.com> - 2023-03-07 21:33 -0800
Re: uefi malware--threat to all? "28B.A864" <28B.A864@noqbgba.net> - 2023-03-16 01:24 -0400
Re: uefi malware--threat to all? The Natural Philosopher <tnp@invalid.invalid> - 2023-03-16 09:59 +0000
Re: uefi malware--threat to all? TJ <TJ@noneofyour.business> - 2023-03-16 15:18 -0400
Re: uefi malware--threat to all? Marco Moock <mo01@posteo.de> - 2023-03-16 21:05 +0100
Re: uefi malware--threat to all? Robert Heller <heller@deepsoft.com> - 2023-03-16 21:06 +0000
Re: uefi malware--threat to all? "29V.X746" <29V.X746@noqb1u.net> - 2023-03-16 22:43 -0400
Re: uefi malware--threat to all? "Carlos E.R." <robin_listas@es.invalid> - 2023-03-17 11:20 +0100
Re: uefi malware--threat to all? The Natural Philosopher <tnp@invalid.invalid> - 2023-03-17 11:56 +0000
Re: uefi malware--threat to all? Dan Espen <dan1espen@gmail.com> - 2023-03-17 15:00 -0400
Re: uefi malware--threat to all? "Carlos E.R." <robin_listas@es.invalid> - 2023-03-17 22:57 +0100
Re: uefi malware--threat to all? "29V.X746" <29V.X746@noqb1u.net> - 2023-03-17 22:03 -0400
Re: uefi malware--threat to all? The Natural Philosopher <tnp@invalid.invalid> - 2023-03-18 09:55 +0000
Re: uefi malware--threat to all? "29V.X746" <29V.X746@noqb1u.net> - 2023-03-17 21:55 -0400
Re: uefi malware--threat to all? Robert Riches <spamtrap42@jacob21819.net> - 2023-03-19 04:13 +0000
Re: uefi malware--threat to all? "29V.X746" <29V.X746@noqb1u.net> - 2023-03-19 02:38 -0400
Re: uefi malware--threat to all? "Carlos E.R." <robin_listas@es.invalid> - 2023-03-19 11:40 +0100
Re: uefi malware--threat to all? Bobbie Sellers <bliss@mouse-potato.com> - 2023-03-19 13:12 -0700
Re: uefi malware--threat to all? "29V.X746" <29V.X746@noqb1u.net> - 2023-03-20 01:05 -0400
Re: uefi malware--threat to all? Robert Riches <spamtrap42@jacob21819.net> - 2023-03-21 03:09 +0000
Re: uefi malware--threat to all? The Natural Philosopher <tnp@invalid.invalid> - 2023-03-20 20:27 +0000
Re: uefi malware--threat to all? "29V.X746" <29V.X746@noqb1u.net> - 2023-03-20 21:48 -0400
Re: uefi malware--threat to all? The Natural Philosopher <tnp@invalid.invalid> - 2023-03-17 11:47 +0000
Re: uefi malware--threat to all? TJ <TJ@noneofyour.business> - 2023-03-17 12:36 -0400
Re: uefi malware--threat to all? The Natural Philosopher <tnp@invalid.invalid> - 2023-03-17 11:46 +0000
Re: uefi malware--threat to all? TJ <TJ@noneofyour.business> - 2023-03-17 12:44 -0400
Re: uefi malware--threat to all? "Carlos E.R." <robin_listas@es.invalid> - 2023-03-16 22:14 +0100
Re: uefi malware--threat to all? TJ <TJ@noneofyour.business> - 2023-03-17 13:09 -0400
Re: uefi malware--threat to all? "Carlos E.R." <robin_listas@es.invalid> - 2023-03-17 23:35 +0100
Re: uefi malware--threat to all? The Natural Philosopher <tnp@invalid.invalid> - 2023-03-17 11:39 +0000
Re: uefi malware--threat to all? Roger Blake <rogblake@iname.invalid> - 2023-03-21 02:03 +0000
Re: uefi malware--threat to all? "29V.X746" <29V.X746@noqb1u.net> - 2023-03-21 01:13 -0400
Re: uefi malware--threat to all? Richard Kettlewell <invalid@invalid.invalid> - 2023-03-21 09:00 +0000
Re: uefi malware--threat to all? "Carlos E.R." <robin_listas@es.invalid> - 2023-03-21 11:52 +0100
Re: uefi malware--threat to all? "Carlos E.R." <robin_listas@es.invalid> - 2023-03-21 11:52 +0100
Re: uefi malware--threat to all? TJ <TJ@noneofyour.business> - 2023-03-21 10:30 -0400
Re: uefi malware--threat to all? Robert Heller <heller@deepsoft.com> - 2023-03-21 15:43 +0000
Re: uefi malware--threat to all? TJ <TJ@noneofyour.business> - 2023-03-21 12:29 -0400
Re: uefi malware--threat to all? Robert Heller <heller@deepsoft.com> - 2023-03-21 17:46 +0000
Re: uefi malware--threat to all? Fritz Wuehler <fritz@spamexpire-202303.rodent.frell.theremailer.net> - 2023-03-23 23:44 +0100
Re: uefi malware--threat to all? jeshgrca <jeshgrca@gmail.com> - 2023-03-23 21:56 -0500
Re: uefi malware--threat to all? Fritz Wuehler <fritz@spamexpire-202303.rodent.frell.theremailer.net> - 2023-03-25 01:58 +0100
Re: uefi malware--threat to all? "27E.G756" <27E.G756@noq24u.net> - 2023-03-26 20:26 -0400
Re: uefi malware--threat to all? "Carlos E.R." <robin_listas@es.invalid> - 2023-03-27 02:37 +0200
Re: uefi malware--threat to all? "27E.G756" <27E.G756@noq24u.net> - 2023-03-26 23:11 -0400
Re: uefi malware--threat to all? "Carlos E.R." <robin_listas@es.invalid> - 2023-03-27 11:45 +0200
Re: uefi malware--threat to all? "27E.G756" <27E.G756@noq24u.net> - 2023-03-28 01:09 -0400
Re: uefi malware--threat to all? Charlie Gibbs <cgibbs@kltpzyxm.invalid> - 2023-03-28 01:26 +0000
Re: uefi malware--threat to all? "27E.G756" <27E.G756@noq24u.net> - 2023-03-28 01:16 -0400
Re: uefi malware--threat to all? Marco Moock <mo01@posteo.de> - 2023-03-21 08:28 +0100
Re: uefi malware--threat to all? TJ <TJ@noneofyour.business> - 2023-03-21 10:22 -0400
Re: uefi malware--threat to all? "Carlos E.R." <robin_listas@es.invalid> - 2023-03-21 15:54 +0100
Re: uefi malware--threat to all? Charlie Gibbs <cgibbs@kltpzyxm.invalid> - 2023-03-21 18:25 +0000
Re: uefi malware--threat to all? "Carlos E.R." <robin_listas@es.invalid> - 2023-03-21 21:20 +0100
Re: uefi malware--threat to all? "27E.G756" <27E.G756@noq24u.net> - 2023-03-26 23:25 -0400
Re: uefi malware--threat to all? "Carlos E.R." <robin_listas@es.invalid> - 2023-03-27 11:47 +0200
Re: uefi malware--threat to all? "27E.G756" <27E.G756@noq24u.net> - 2023-03-28 23:01 -0400
Re: uefi malware--threat to all? Computer Nerd Kev <not@telling.you.invalid> - 2023-03-29 16:43 +1000
Re: uefi malware--threat to all? "22T.R732" <22TR732@noq24u.net> - 2023-03-30 21:41 -0400
Re: uefi malware--threat to all? TJ <TJ@noneofyour.business> - 2023-03-21 10:46 -0400
Re: uefi malware--threat to all? "Carlos E.R." <robin_listas@es.invalid> - 2023-03-07 09:07 +0100
Re: uefi malware--threat to all? "David W. Hodgins" <dwhodgins@nomail.afraid.org> - 2023-03-07 13:00 -0500
Re: uefi malware--threat to all? Marco Moock <mo01@posteo.de> - 2023-03-07 19:09 +0100
Re: uefi malware--threat to all? "David W. Hodgins" <dwhodgins@nomail.afraid.org> - 2023-03-07 14:56 -0500
Re: uefi malware--threat to all? Marco Moock <mo01@posteo.de> - 2023-03-07 19:09 +0100
Re: uefi malware--threat to all? "28B.I874" <28B.I874@noabzba.net> - 2023-03-07 21:39 -0500
Re: uefi malware--threat to all? "David W. Hodgins" <dwhodgins@nomail.afraid.org> - 2023-03-07 22:35 -0500
Re: uefi malware--threat to all? "28B.I874" <28B.I874@noabzba.net> - 2023-03-08 01:29 -0500
Re: uefi malware--threat to all? "David W. Hodgins" <dwhodgins@nomail.afraid.org> - 2023-03-08 01:48 -0500
Re: uefi malware--threat to all? "28C.I874" <28C.I874@noabgba.net> - 2023-03-08 20:35 -0500
Re: uefi malware--threat to all? The Natural Philosopher <tnp@invalid.invalid> - 2023-03-08 07:57 +0000
Re: uefi malware--threat to all? Richard Kettlewell <invalid@invalid.invalid> - 2023-03-08 08:59 +0000
Re: uefi malware--threat to all? The Natural Philosopher <tnp@invalid.invalid> - 2023-03-08 10:15 +0000
Re: uefi malware--threat to all? Richard Kettlewell <invalid@invalid.invalid> - 2023-03-08 15:14 +0000
Re: uefi malware--threat to all? Robert Heller <heller@deepsoft.com> - 2023-03-08 16:06 +0000
Re: uefi malware--threat to all? Rich <rich@example.invalid> - 2023-03-08 16:59 +0000
Re: uefi malware--threat to all? The Natural Philosopher <tnp@invalid.invalid> - 2023-03-08 17:55 +0000
Re: uefi malware--threat to all? The Natural Philosopher <tnp@invalid.invalid> - 2023-03-08 17:59 +0000
Re: uefi malware--threat to all? "Carlos E.R." <robin_listas@es.invalid> - 2023-03-08 20:33 +0100
Re: uefi malware--threat to all? Robert Heller <heller@deepsoft.com> - 2023-03-08 22:35 +0000
Re: uefi malware--threat to all? Marco Moock <mo01@posteo.de> - 2023-03-21 08:49 +0100
Re: uefi malware--threat to all? Marco Moock <mo01@posteo.de> - 2023-03-07 08:40 +0100
Re: uefi malware--threat to all? "Andrei Z." <no-email@invalid.invalid> - 2023-03-07 18:11 +0300
Re: uefi malware--threat to all? pH <wNOSPAMp@gmail.org> - 2023-03-07 20:44 +0000
Re: uefi malware--threat to all? "David W. Hodgins" <dwhodgins@nomail.afraid.org> - 2023-03-07 16:32 -0500
Re: uefi malware--threat to all? Marco Moock <mo01@posteo.de> - 2023-03-21 08:27 +0100
Re: uefi malware--threat to all? The Natural Philosopher <tnp@invalid.invalid> - 2023-03-07 21:38 +0000
Re: uefi malware--threat to all? Bobbie Sellers <bliss@mouse-potato.com> - 2023-03-07 21:38 -0800
Re: uefi malware--threat to all? "Carlos E.R." <robin_listas@es.invalid> - 2023-03-08 12:00 +0100
Re: uefi malware--threat to all? The Natural Philosopher <tnp@invalid.invalid> - 2023-03-08 11:06 +0000
Re: uefi malware--threat to all? Marco Moock <mo01@posteo.de> - 2023-03-08 12:50 +0100
Re: uefi malware--threat to all? "Carlos E.R." <robin_listas@es.invalid> - 2023-03-08 13:20 +0100
csiph-web