| From | Günther Schwarz <strap@gmx.de> |
|---|---|
| Newsgroups | comp.os.linux.security |
| Subject | Re: Write protection on SD cards |
| Date | 2011-11-05 11:51 +0000 |
| Message-ID | <9hkma2Fcu3U1@mid.individual.net> (permalink) |
| References | <9hb396F3fcU1@mid.individual.net> <j8rfg7$6n8$1@dont-email.me> |
Tobias Blass wrote:

> On 2011-11-01, Günther Schwarz <strap@gmx.de> wrote:
>> Most SD flash cards do have a little plastic thing for write
>> protection. As far as I understand this is not connected to the
>> electronics of the card but rather informs the card reader which in
>> turn sends a read-only flag to the host (some readers do ignore the
>> switch). How secure is this with Linux as the host OS? Will it be
>> possible to force a mount with rw option?
>> The background of my question is that I could make good use of a
>> read-only device other than an optical disk on some systems. USB sticks
>> with a switch for write protection seem to be as rare as hen's teeth today.
>>
> I think it's not *easy* to force an rw mount, so if you just want to
> prevent accidental write access it should be sufficient. But if you (and
> I think that's what you mean) want to prevent malicious writes I don't
> think it's enough. I don't know whether there is something like a mount
> option, but the attacker could (root access provided) e.g. load a kernel
> module or install another kernel that does not check the write
> protection switch.

You understood that correctly. The device is supposed to survive in a clean state in case the system gets compromised and thus allow for a fresh installation without having to insert a CD or doing a PXE boot. It should be better in this respect than an extra partition on the main hard disk. But still the security needs are moderate. From your comment and from what I find on the web it seems that ignoring the ro-flag is something that might be sufficiently rare and unlikely to accept it as a risk. Still, a device that enforces write protection on the hardware level would be better, of course.

Günther
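
Since the thread notes that some readers ignore the switch, here is a check of what the host actually sees, as an added example that is not part of the original post. It reads the kernel's per-device read-only attribute (`/sys/block/<dev>/ro`) and the mount table; the device names, mount points and the `wp_status`/`wp_demo` helpers are assumptions made for illustration, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): report whether the kernel treats a
# card as read-only. Paths are parameters so it can run on a constructed tree.

# wp_status DEV [SYSFS_ROOT] [MOUNTS_FILE]
# Prints: no-device | flag-missing | mounted-rw | enforced
wp_status() (
    dev=$1; sysfs=${2:-/sys}; mounts=${3:-/proc/mounts}
    ro_file="$sysfs/block/$dev/ro"
    [ -r "$ro_file" ] || { echo "no-device"; exit 2; }

    # 0 here means the reader did not pass the switch state on (or the
    # switch is off): nothing stops a read-write mount.
    if [ "$(cat "$ro_file")" != "1" ]; then
        echo "flag-missing"; exit 1
    fi

    # Flag is set; still confirm no partition of the device is listed rw.
    while read -r src mnt fstype opts rest; do
        case "$src" in
            "/dev/$dev"|"/dev/$dev"p[0-9]*|"/dev/$dev"[0-9]*) ;;
            *) continue ;;
        esac
        case ",$opts," in
            *,rw,*) echo "mounted-rw"; exit 1 ;;
        esac
    done < "$mounts"
    echo "enforced"
)

# Constructed sample: one card with the flag set, one stick without it.
wp_demo() (
    t=$(mktemp -d) || exit 1
    mkdir -p "$t/sys/block/mmcblk0" "$t/sys/block/sdb"
    echo 1 > "$t/sys/block/mmcblk0/ro"
    echo 0 > "$t/sys/block/sdb/ro"
    printf '%s\n' '/dev/mmcblk0p1 /mnt/rescue ext4 ro,relatime 0 0' \
                  '/dev/sdb1 /mnt/usb vfat rw,relatime 0 0' > "$t/mounts"
    for d in mmcblk0 sdb; do
        echo "$d: $(wp_status "$d" "$t/sys" "$t/mounts")"
    done
    rm -rf "$t"
)

if [ "${1:-}" = "--demo" ]; then wp_demo; elif [ $# -gt 0 ]; then wp_status "$@"; fi
```

An "enforced" result only describes the host's current view of the device; as the quoted reply points out, it is not hardware-level protection.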
Write protection on SD cards Günther Schwarz <strap@gmx.de> - 2011-11-01 20:31 +0000
Re: Write protection on SD cards Lusotec <nomail@nomail.not> - 2011-11-01 21:48 +0000
Re: Write protection on SD cards Tobias Blass <tobiasblass@gmx.net> - 2011-11-02 13:10 +0000
Re: Write protection on SD cards Günther Schwarz <strap@gmx.de> - 2011-11-05 11:51 +0000
Re: Write protection on SD cards mcanswer@mcanswer.pl - 2011-12-17 07:51 +0100
Re: Write protection on SD cards Günther Schwarz <strap@gmx.de> - 2011-12-17 16:32 +0000