On Llu, 2005-04-04 at 18:42, Jonas Diemer wrote: > I figured there could be a kernel compiled-in option that will make the > kernel > lock all drives found during bootup. then, a malicous program would need to > install a different kernel in order to harm the drive, which would be much > more secure.
It makes little difference as the attacker can replace the kernel and reboot. Anyway they can flash erase your video card bios, your IDE firmware, your BIOS and far more just as easily. I wrote an analysis for the UK government a few years back about this threat and concluded that a sufficiently malicious attacker and a suitable hole would allow someone to wipe out large numbers of PCs on a fairly permanent basis. We can just be glad that the folks writing stuff like slammer mostly want either fame or are operating "commercially" (ie DoS protection rackets, spam etc) so don't wish to kill their hosts. >From an OS perspective it is very hard to protect against. Locking the boot media can help providing the BIOS settings cannot be used to boot another disk. Dropping CAP_SYS_RAWIO early in boot will protect against most of the potential root user directly accesses the hardware type attacks. hdparm can help but really it needs to be in the BIOS options to make much difference so kick your pet BIOS vendor/PC maker. Alan - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/