Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.os.linux.security > #53 > unrolled thread

Write protection on SD cards

Started byGünther Schwarz <strap@gmx.de>
First post2011-11-01 20:31 +0000
Last post2011-12-17 16:32 +0000
Articles 6 — 4 participants

Back to article view | Back to comp.os.linux.security


Contents

  Write protection on SD cards Günther Schwarz <strap@gmx.de> - 2011-11-01 20:31 +0000
    Re: Write protection on SD cards Lusotec <nomail@nomail.not> - 2011-11-01 21:48 +0000
    Re: Write protection on SD cards Tobias Blass <tobiasblass@gmx.net> - 2011-11-02 13:10 +0000
      Re: Write protection on SD cards Günther Schwarz <strap@gmx.de> - 2011-11-05 11:51 +0000
        Re: Write protection on SD cards mcanswer@mcanswer.pl - 2011-12-17 07:51 +0100
          Re: Write protection on SD cards Günther Schwarz <strap@gmx.de> - 2011-12-17 16:32 +0000

#53 — Write protection on SD cards

FromGünther Schwarz <strap@gmx.de>
Date2011-11-01 20:31 +0000
SubjectWrite protection on SD cards
Message-ID<9hb396F3fcU1@mid.individual.net>
Most SD flash cards do have a little plastic thing for write protection. 
As far as I understand this is not connected to the electronics of the 
card but rather informs the card reader which in turn sends a read-only 
flag to the host (some readers do ignore the switch). How secure is this 
with Linux as the host OS? Will it be possible to force a mount with rw 
option?
The background of my question is that I could make good use of a read-
only device other than a optical disk on some systems. USB sticks with a 
switch for write protection seem to be as rare as hen's teeth today.

Günther

[toc] | [next] | [standalone]


#54

FromLusotec <nomail@nomail.not>
Date2011-11-01 21:48 +0000
Message-ID<j8ppfe$elb$1@dont-email.me>
In reply to#53
Günther Schwarz wrote:
> Most SD flash cards do have a little plastic thing for write protection.
> As far as I understand this is not connected to the electronics of the
> card but rather informs the card reader which in turn sends a read-only
> flag to the host (some readers do ignore the switch). How secure is this
> with Linux as the host OS? Will it be possible to force a mount with rw
> option?
> The background of my question is that I could make good use of a read-
> only device other than a optical disk on some systems. USB sticks with a
> switch for write protection seem to be as rare as hen's teeth today.
> 
> Günther

Linux respects the write protection of SD cards

I get this line "sd 6:0:0:0: [sde] Write Protect is on" in dmesg after 
inserting a write protected SD card in this GNU/Linux system.

Trying to mount as RW gives the produces the following message.

$ LANGUAGE=C mount -o rw /dev/sdb1 /mnt/tmp/
mount: block device /dev/sdb1 is write-protected, mounting read-only

I don't know If there is a way to force Linux to ignore the write 
protection.

Regards.

[toc] | [prev] | [next] | [standalone]


#55

FromTobias Blass <tobiasblass@gmx.net>
Date2011-11-02 13:10 +0000
Message-ID<j8rfg7$6n8$1@dont-email.me>
In reply to#53
On 2011-11-01, Günther Schwarz <strap@gmx.de> wrote:
> Most SD flash cards do have a little plastic thing for write protection. 
> As far as I understand this is not connected to the electronics of the 
> card but rather informs the card reader which in turn sends a read-only 
> flag to the host (some readers do ignore the switch). How secure is this 
> with Linux as the host OS? Will it be possible to force a mount with rw 
> option?
> The background of my question is that I could make good use of a read-
> only device other than a optical disk on some systems. USB sticks with a 
> switch for write protection seem to be as rare as hen's teeth today.
>
I think it's not *easy* to force an rw mount, so if you just want to prevent
accidental write access it should be sufficient. But if you (and I think that's
what you mean) want to prevent malicious writes I don't think it's enough. I
don't know whether there is something like a mount option, but the attacker
could (root access provided) e.g. load a kernel module or install another kernel
that does not check the write protection switch.

[toc] | [prev] | [next] | [standalone]


#57

FromGünther Schwarz <strap@gmx.de>
Date2011-11-05 11:51 +0000
Message-ID<9hkma2Fcu3U1@mid.individual.net>
In reply to#55
Tobias Blass wrote:

> On 2011-11-01, Günther Schwarz <strap@gmx.de> wrote:
>> Most SD flash cards do have a little plastic thing for write
>> protection. As far as I understand this is not connected to the
>> electronics of the card but rather informs the card reader which in
>> turn sends a read-only flag to the host (some readers do ignore the
>> switch). How secure is this with Linux as the host OS? Will it be
>> possible to force a mount with rw option?
>> The background of my question is that I could make good use of a read-
>> only device other than a optical disk on some systems. USB sticks with
>> a switch for write protection seem to be as rare as hen's teeth today.
>>
> I think it's not *easy* to force an rw mount, so if you just want to
> prevent accidental write access it should be sufficient. But if you (and
> I think that's what you mean) want to prevent malicious writes I don't
> think it's enough. I don't know whether there is something like a mount
> option, but the attacker could (root access provided) e.g. load a kernel
> module or install another kernel that does not check the write
> protection switch.

You understood that correctly. The device is supposed to survive in a 
clean state in case the systems gets compromised and thus allow for a 
fresh installation without having to insert a CD or doing a PXE boot. It 
should be better in this respect than an extra partition on the main hard 
disk. But still the security needs are moderate.
From your comment and from what I find in the web it seems that ignoring 
the ro-flag is something that might be sufficiently rare and unlikely to 
accept it as a risk. Still a device that enforces write protection on the 
hardware level would be better, of course.

Günther

[toc] | [prev] | [next] | [standalone]


#75

Frommcanswer@mcanswer.pl
Date2011-12-17 07:51 +0100
Message-ID<7tobv7pu6a.fsf@leeloo.local.mcanswer.pl>
In reply to#57
Günther Schwarz <strap@gmx.de> writes:

> Tobias Blass wrote:
>
>> On 2011-11-01, Günther Schwarz <strap@gmx.de> wrote:
>>            the attacker could (root access provided) e.g. load a kernel
>> module or install another kernel that does not check the write
>> protection switch.
>
> You understood that correctly. The device is supposed to survive in a 
> clean state in case the systems gets compromised and thus allow for a 
> fresh installation without having to insert a CD or doing a PXE boot. It 
> should be better in this respect than an extra partition on the main hard 
> disk. But still the security needs are moderate.

You can always use some mandatory access control preventing attacker
from access to this device and/or from load kernel modules. 
The first one could be done by SeLinux or RBAC,
second one by for ex. GrSecurity

[toc] | [prev] | [next] | [standalone]


#76

FromGünther Schwarz <strap@gmx.de>
Date2011-12-17 16:32 +0000
Message-ID<9l3ugmFc2sU1@mid.individual.net>
In reply to#75
mcanswer wrote:

> Günther Schwarz <strap@gmx.de> writes:
> 
>> Tobias Blass wrote:
>>
>>> On 2011-11-01, Günther Schwarz <strap@gmx.de> wrote:
>>>            the attacker could (root access provided) e.g. load a
>>>            kernel
>>> module or install another kernel that does not check the write
>>> protection switch.
>>
>> You understood that correctly. The device is supposed to survive in a
>> clean state in case the systems gets compromised and thus allow for a
>> fresh installation without having to insert a CD or doing a PXE boot.
>> It should be better in this respect than an extra partition on the main
>> hard disk. But still the security needs are moderate.
> 
> You can always use some mandatory access control preventing attacker
> from access to this device and/or from load kernel modules. The first
> one could be done by SeLinux or RBAC, second one by for ex. GrSecurity

These are all very useful in protecting a running system. But then my 
question was if a SD might be considered as reasonably safe in a scenario 
where an uncontrolled system an kernel are running. Just think of a bug 
or a misconfiguration in the BIOS setup which allows for booting from a 
CD or USB device instead from the hard disk.

Günther

[toc] | [prev] | [standalone]


Back to top | Article view | comp.os.linux.security


csiph-web