[lug] Steganography (was: newbie question - rc.sysinit)

D. Stimits stimits at idcomm.com
Sun Jul 15 15:31:24 MDT 2001


Chris Riddoch wrote:
> 
> "D. Stimits" <stimits at idcomm.com> writes:
> > I was under the impression (maybe falsely) that if the cmos was set to
> > require a password, and if it also was set with virus protection against
> > boot sector alterations, that it would not be modifiable without local
> > access.
> 
> Well, the code that checks for both the password and the virus
> protection is in the bios software.  A modified version of the bios
> software might conveniently lack those features.

I was suggesting that a modified version should not be possible to
install remotely, if virus and password protection are enabled. But if
the bios does not honor this protection, except from the normal "hit DEL
key during boot" sort of access, then it is a big problem. My question
is more like this: If a modern bios has password and virus protection
engaged, must the o/s also provide password to alter these things? Or
does the bios only enforce this when entered via the "hit DEL key during
boot" phase? It seems logical that a bios should be able to block
updates from purely software means, but then again, manufacturers often
don't care about the logic of those situations, only the cost and quick
shipping.

> 
> > It sounds like even this is easily defeated? In theory the code
> > to protect, when virus and pass are set to be required, would also
> > require physically cutting the battery backup to the cmos if the pass is
> > ever forgotten. If other access is possible, then it seems the bios
> > password and virus portions are defective.
> 
> Well, there's a trade-off. If you're a company whose main interest is
> in selling a lot of bioses, you can afford to spend less development
> time on debugging if you know that your users can upgrade to a less
> (or differently) buggy version without needing a physical piece to
> shove into the board.  Software bioses allow for mediocre bioses, for
> one thing... if the hardware bios is broken, you're pretty much out of
> luck.  If the software bios is broken, you're expected to accept it as
> a fact of life and upgrade.  This doesn't apply to bioses alone, but I
> suppose I'm showing my cynicism, aren't I?

My direction is towards whether a normal bios can password protect
against the o/s. If that is the case, then the bios could not be altered
without either flashing it, or giving the pass. It sounds like the
password is only mandatory from the "hit DEL key during boot" sort of
physical access...that linux, win, or other o/s's, completely bypass the
bios protections, during normal operations (e.g., without a floppy
during boot, instead during regular system run once bootup is complete).

