Re: Found, a new rootkit



On Fri, 2006-04-07 at 15:41 -0500, Mikkel L. Ellertson wrote:
Mike McCarty wrote:
Mikkel L. Ellertson wrote:
Mike McCarty wrote:

Tim wrote:

I don't have a single Linux box here that listens to the modem. I'd
have to install a service to do so. Your MS-DOS box is no more secure
than any of them, for that point of attack.


I respectfully disagree with you on this point. Your Linux
machine has a device driver for that device, while my MSDOS
machine does not. So you *do* have software listening to
that device, which software potentially has security compromising
defects. I have no software on my MSDOS machine which listens
to the serial port. So if I install a modem on it, it remains
relatively secure.


I fail to see the difference between the Linux driver for a serial
port, and the DOS driver for COM ports, at least as far as security
goes. Neither driver does anything unless there is a program

You are right, in regards to the software itself. The difference
is that MSDOS does not automatically install device drivers
for COM ports, whereas Linux does.

accessing them. The fact that the serial driver is built in with
MS-DOS, and may be loadable under Linux does not make much

There is no built-in serial driver in MSDOS. MSDOS sits on top
of the BIOS. The drivers themselves simply make BIOS calls.
Unless some software makes a call to the driver, then the
COM port just sits.

Are you sure about that? As far as I know, the BIOS does not know
about serial ports. The settings for I/O and IRQ for a COM port are
part of DOS, and not a BIOS setting. You can change them, and swap
COM1 and COM2; I have a DOS utility that does this around here
somewhere. It will also swap around LPT settings.


The BIOS *does* know about the serial ports. It has to make them
available to the OS.
If it did not know about and initialize the hardware, how could there be
settings in the BIOS to enable/disable the ports? Every BIOS I have used
for many years has that option available.

The BIOS does not use them, nor contain drivers, but it does initialize
the hardware and hand it off to the OS.

OTOH, the BIOS can and does use the ethernet ports for PXE boot.


difference. If anything, Linux without the driver loaded would be
slightly more secure.

I don't follow this, but certainly Linux w/o the driver installed
would be as secure as MSDOS.

[snip]

The thing that you are overlooking is that DOS has drivers for most
of the standard hardware either built in, or accessible through the
system BIOS. If anything, accessing hardware through the system BIOS

If my MS-DOS machine were connected, and someone bombarded the serial
port, all that would happen is that the bits would fall on the floor,
and the overrun error bit would get set in the UART. With Linux,
interrupts would be generated, and the driver would accept the bytes,
buffer them, and eventually dump the input. (Unless something has
changed since the last time I looked at the Linux serial drivers.)

From what I remember, the IRQs are not enabled in either OS until
something opens the port. Once you open the port, both DOS and
Linux process the IRQ. Both have code to handle buffer overrun.

can be more of a security risk. You never really know what is in the
BIOS. It is probably safe, as long as you are careful about updates.

Whatever is in the BIOS, it is still there when Linux is loaded.

It is still there, but Linux does not use the BIOS to access the
hardware. Code that is not executed is not a security risk. DOS uses
the BIOS for things like disk access, video access, etc. Now, when
you get into ACPI, that is another story. Linux may use the ACPI
code, while DOS does not.

Any time there is physical access, there is only *relative* security.

Mike

This is very true. But the risk of hooking a modem to a Linux
machine by itself is no greater than hooking one to a DOS machine.
The risk depends on the software you use to access the modem. Using
a FAX sending program on Linux is a lot less risk than running PC
Anywhere on a DOS machine. (Yes, there was a version for DOS.)

Mikkel
--

Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!


--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
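A way to check the "is anything actually listening on the serial port" question from this thread on a Linux box, added here as an example and not code posted by anyone in the thread: it parses /proc/tty/driver/serial (which ttyS lines the kernel actually found a UART on, the oe: receiver-overrun counter, and the modem signals that only go up once some program opens the port) and walks /proc/<pid>/fd for processes holding a serial device open. The sample file contents are constructed in the form the kernel prints for root; on a live system the counters and signal flags are only shown to root.

```python
"""Audit Linux serial ports: probed UARTs, overrun counts, and who holds them open."""
import os
import re
from pathlib import Path

# Constructed sample of /proc/tty/driver/serial as root sees it (not a capture
# from the thread). "uart:unknown" means the kernel probed no UART there.
SAMPLE_SERIAL_INFO = """\
serinfo:1.0 driver revision:
0: uart:16550A port:000003F8 irq:4 tx:0 rx:0
1: uart:16550A port:000002F8 irq:3 tx:128 rx:4096 oe:2 RTS|DTR|CTS
2: uart:unknown port:000003E8 irq:4
"""
LINE_RE = re.compile(r"^(\d+): uart:(\S+) port:([0-9A-Fa-f]+) irq:(\d+)(.*)$")

def parse_serial_info(text):
    """One dict per ttyS line: 'configured' is False when no UART was found (so no
    driver can listen there), 'overruns' is the oe: counter, 'flags' are modem signals."""
    ports = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        idx, uart, _addr, irq, rest = m.groups()
        counters = dict(re.findall(r"(\w+):(\d+)", rest))          # tx/rx/fe/pe/brk/oe
        signals = [tok for tok in rest.split() if ":" not in tok]  # e.g. RTS|DTR|CTS
        ports.append({
            "dev": f"/dev/ttyS{idx}",
            "uart": uart,
            "irq": int(irq),
            "configured": uart != "unknown",
            "overruns": int(counters.get("oe", 0)),
            "flags": signals[0].split("|") if signals else [],
        })
    return ports

def serial_holders(proc="/proc"):
    """Map /dev/ttyS* and /dev/ttyUSB* to the pids holding them open (reads /proc/<pid>/fd)."""
    holders = {}
    for fd in Path(proc).glob("[0-9]*/fd/*"):
        try:
            target = os.readlink(fd)
        except OSError:  # process exited, or fd not readable by us
            continue
        if target.startswith(("/dev/ttyS", "/dev/ttyUSB")):
            holders.setdefault(target, set()).add(int(fd.parts[-3]))
    return holders

if __name__ == "__main__":
    print(parse_serial_info(SAMPLE_SERIAL_INFO), serial_holders())
```

Replace SAMPLE_SERIAL_INFO with the contents of /proc/tty/driver/serial on a live machine; a port that shows uart:unknown, no DTR, and an empty holders entry has nothing listening on it regardless of the driver being compiled in.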
