Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.os.linux.security > #76
| Path | csiph.com!x330-a1.tempe.blueboxinc.net!usenet.pasdenom.info!weretis.net!feeder4.news.weretis.net!news.musoftware.de!wum.musoftware.de!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail |
|---|---|
| From | Günther Schwarz <strap@gmx.de> |
| Newsgroups | comp.os.linux.security |
| Subject | Re: Write protection on SD cards |
| Date | 17 Dec 2011 16:32:22 GMT |
| Lines | 29 |
| Message-ID | <9l3ugmFc2sU1@mid.individual.net> (permalink) |
| References | <9hb396F3fcU1@mid.individual.net> <j8rfg7$6n8$1@dont-email.me> <9hkma2Fcu3U1@mid.individual.net> <7tobv7pu6a.fsf@leeloo.local.mcanswer.pl> |
| Mime-Version | 1.0 |
| Content-Type | text/plain; charset=UTF-8 |
| Content-Transfer-Encoding | 8bit |
| X-Trace | individual.net Fnmnx3fKj9w2xr4GznsbOATh2gulKbPcqVzFIXSwqq682BuMclCxDPgRKm |
| Cancel-Lock | sha1:/LKWBXwC/X9Qai0HZaVCZe3sEuU= |
| User-Agent | Pan/0.132 (Waxed in Black) |
| Xref | x330-a1.tempe.blueboxinc.net comp.os.linux.security:76 |
Show key headers only | View raw
mcanswer wrote: > Günther Schwarz <strap@gmx.de> writes: > >> Tobias Blass wrote: >> >>> On 2011-11-01, Günther Schwarz <strap@gmx.de> wrote: >>> the attacker could (root access provided) e.g. load a >>> kernel >>> module or install another kernel that does not check the write >>> protection switch. >> >> You understood that correctly. The device is supposed to survive in a >> clean state in case the systems gets compromised and thus allow for a >> fresh installation without having to insert a CD or doing a PXE boot. >> It should be better in this respect than an extra partition on the main >> hard disk. But still the security needs are moderate. > > You can always use some mandatory access control preventing attacker > from access to this device and/or from load kernel modules. The first > one could be done by SeLinux or RBAC, second one by for ex. GrSecurity These are all very useful in protecting a running system. But then my question was if a SD might be considered as reasonably safe in a scenario where an uncontrolled system an kernel are running. Just think of a bug or a misconfiguration in the BIOS setup which allows for booting from a CD or USB device instead from the hard disk. Günther
Back to comp.os.linux.security | Previous | Next — Previous in thread | Find similar
Write protection on SD cards Günther Schwarz <strap@gmx.de> - 2011-11-01 20:31 +0000
Re: Write protection on SD cards Lusotec <nomail@nomail.not> - 2011-11-01 21:48 +0000
Re: Write protection on SD cards Tobias Blass <tobiasblass@gmx.net> - 2011-11-02 13:10 +0000
Re: Write protection on SD cards Günther Schwarz <strap@gmx.de> - 2011-11-05 11:51 +0000
Re: Write protection on SD cards mcanswer@mcanswer.pl - 2011-12-17 07:51 +0100
Re: Write protection on SD cards Günther Schwarz <strap@gmx.de> - 2011-12-17 16:32 +0000
csiph-web