Bugtraq mailing list archives
Re: Security problems with Dell Latitude C800 Notebook BIOSes
From: "Raymond M. Reskusich" <reskusic () uiuc edu>
Date: Tue, 14 Aug 2001 13:56:43 -0500
On Tue, Aug 14, 2001 at 05:28:36PM +0200, Bernhard Rosenkraenzer wrote:
> ...
> When using suspend to disk, the Latitude BIOS dumps the system status to the suspend to disk partition and prepends an OS loader code, and toggles the active bit on the suspend to disk partition.
> ...
> This is VERY dangerous though - it allows things like suspending a session, then booting the normal OS (or something else from a floppy or CD-ROM - the BIOS does nothing to ensure the stored session is actually recovered), doing something completely different including modifying disk content, reading all content (passwords and confidential data) from the suspend-to-disk partition, then restoring the session that was suspended before. The result of this can be anything and will almost certainly lead to data loss.

Well, inasmuch as this is a security flaw one would imagine that the "hibernate" functionality in Windows 2000 is about equally unsafe. However, considering the usual risks involved in letting anyone with a floppy boot to it on your machine, this isn't really a surprise.

I think to call this a BIOS flaw misses the point. Dell is adding to the functionality of the expected PC BIOS with a minimum of disruption to existing functionality. There is no reason, for instance, for Dell to tell me that because I chose to suspend my Windows session that I shouldn't be able to boot Linux before resuming it. Admittedly, the reliance on the active flag will play havoc with some boot loaders unless you add the suspend partition to your boot menu, but Linux users are used to such inconveniences.

If you want the boot to be limited to the suspend session, disable floppy and cdrom boot, don't install a 3rd party boot loader, and you're good. Even better, put in a boot password. But any scheme where you write out a system memory image to disk unencrypted, you'll still be vulnerable to anyone with physical access to the system. Nothing stops the prospective data thief from popping your HD out that convenient side panel and reading it in his laptop.

Raymond M. Reskusich
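
The active-flag behaviour discussed in this thread can be checked from a disk's first sector. The following is an added example, not part of the original post: it parses a classic MBR and reports when the boot flag sits on a hibernation partition, meaning a saved memory image is waiting on disk. The partition type IDs and both sample sectors are assumptions constructed for illustration; the thread does not name the type the Latitude BIOS uses.

```python
import struct

# Assumed type IDs: values commonly listed for hibernation partitions.
# The post does not say which type the Latitude C800 BIOS uses.
HIBERNATION_TYPES = {0x84: "APM hibernation", 0xA0: "laptop hibernation"}

def parse_mbr(sector: bytes) -> list[dict]:
    """Decode the four primary partition entries of a classic MBR sector."""
    if len(sector) < 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = sector[446 + 16 * i: 462 + 16 * i]
        start, count = struct.unpack_from("<II", entry, 8)
        if entry[4]:  # type 0x00 marks an unused slot
            parts.append({"index": i + 1, "status": entry[0], "type": entry[4],
                          "start_lba": start, "sectors": count})
    return parts

def audit_active_flag(sector: bytes) -> list[str]:
    """Report when the boot flag points at a hibernation partition."""
    findings = []
    for p in parse_mbr(sector):
        if p["status"] not in (0x00, 0x80):
            findings.append(
                f"partition {p['index']}: invalid status byte {p['status']:#04x}")
        elif p["status"] == 0x80 and p["type"] in HIBERNATION_TYPES:
            findings.append(
                f"partition {p['index']} ({HIBERNATION_TYPES[p['type']]}, "
                f"{p['sectors'] * 512} bytes) is active: a saved memory image "
                "is pending resume")
    return findings

def build_mbr(entries) -> bytes:
    """Build a constructed test sector from (status, type, start, count) tuples."""
    table = b"".join(struct.pack("<B3sB3sII", s, b"\0" * 3, t, b"\0" * 3, lba, n)
                     for s, t, lba, n in entries)
    return bytes(446) + table.ljust(64, b"\0") + b"\x55\xaa"

# Constructed samples: normal boot vs. the state after suspend to disk.
NORMAL = build_mbr([(0x80, 0x83, 63, 2_000_000), (0x00, 0xA0, 2_000_063, 1_100_000)])
SUSPENDED = build_mbr([(0x00, 0x83, 63, 2_000_000), (0x80, 0xA0, 2_000_063, 1_100_000)])

if __name__ == "__main__":
    for name, mbr in (("normal", NORMAL), ("suspended", SUSPENDED)):
        print(name, audit_active_flag(mbr) or "no findings")
```
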