Found, a new rootkit

[Mike McCarty]

Mikkel L. Ellertson wrote:
> Mike McCarty wrote:
> 
>>Tim wrote:
>>
>>>I don't have a single Linux box here that listens to the modem.  I'd
>>>have to install a service to do so.  Your MS-DOS box is no more secure
>>>than any of them, for that point of attack.
>>>
>>
>>I respectfully disagree with you on this point. Your Linux
>>machine has a device driver for that device, while my MSDOS
>>machine does not. So you *do* have software listening to
>>that device, which software potentially has security compromising
>>defects. I have no software on my MSDOS machine which listens
>>to the serial port. So if I install a modem on it, it remains
>>relatively secure.
>>
> 
> I fail the see the difference between the Linux driver for a serial
> port, and the DOS driver for COM ports, at least as far as security
> goes. Nether driver does anything unless there is a program

You are right, in regards to the software itself. The difference
is that MSDOS does not automatically install device drivers
for COM ports, whereas Linux does.

> accessing them. The fact that the serial driver is built in with
> MS-DOS, and may be loadable under Linux does not make much

There is no built-in serial driver in MSDOS. MSDOS sits on top
of the BIOS. The drivers themselves simply make BIOS calls.
Unless some software makes a call to the driver, then the
COM port just sits.

> difference. If anything, Linux without the driver loaded would be
> slightly more secure.

I don't follow this, but certainly Linux w/o the driver installed
would be as secure as MSDOS.

[snip]

> The thing that you are overlooking is that DOS has drivers for most
> of the standard hardware ether built in, or accessible through the
> system BIOS. If anything, accessing hardware through the system BIOS

If my MSDOS machine were connected, and someone bombarded the serial
port, all that would happen is that the bits would fall on the floor,
and the overrun error bit would get set in the UART. With Linux,
interrupts would be generated, and the driver would accept the bytes,
buffer them, and eventually dump the input. (Unless something has
changed since the last time I looked at the Linux serial drivers.)

> can be more of a security risk. You never really know what is in the
> BIOS. It is probably safe, as long as you are careful about updates.

Whatever is in the BIOS, it is still there when Linux is loaded.

Any time there is physical access, there is only *relative* security.

Mike
-- 
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!