Bugtraq mailing list archives

Re: Security problems with Dell Latitude C800 Notebook BIOSes


From: "Raymond M. Reskusich" <reskusic () uiuc edu>
Date: Tue, 14 Aug 2001 13:56:43 -0500

On Tue, Aug 14, 2001 at 05:28:36PM +0200, Bernhard Rosenkraenzer wrote:
...
When using suspend to disk, the Latitude BIOS dumps the system status to
the suspend to disk partition and prepends an OS loader code, and toggles
the active bit on the suspend to disk partition.
...
This is VERY dangerous though - it allows things like suspending a
session, then booting the normal OS (or something else from a floppy or
CD-ROM - the BIOS does nothing to ensure the stored session is actually
recovered), doing something completely different including modifying disk
content, reading all content (passwords and confidential data) from the
suspend-to-disk partition, then restoring the session that was
suspended before. The result of this can be anything and will almost
certainly lead to data loss.

Well, inasmuch as this is a security flaw one would imagine that the
"hibernate" functionality in Windows 2000 is about equally unsafe.
However, considering the usual risks involved in letting anyone with
a floppy boot to it on your machine, this isn't really a surprise.

I think to call this a BIOS flaw misses the point.  Dell is adding
to the functionality of the expected PC BIOS with a minimum of
disruption to existing functionality.  There is no reason, for
instance, for Dell to tell me that because I chose to suspend my
Windows session that I shouldn't be able to boot Linux before resuming
it.  Admittedly, the reliance on the active flag will play havoc with
some boot loaders unless you add the suspend partition to your boot
menu, but Linux users are used to such inconveniences.

If you want the boot to be limited to the suspend session, disable
floppy and cdrom boot, don't install a 3rd party boot loader, and
you're good.  Even better, put in a boot password.  But any scheme
where you write out a system memory image to disk unencrypted, you'll
still be vulnerable to anyone with physical access to the system.
Nothing stops the prospective data thief from popping your HD out that
convenient side panel and reading it in his laptop.

Raymond M. Reskusich
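
The mechanism discussed in this thread (the BIOS marking the suspend-to-disk partition active) can be checked from the MBR before another OS is allowed to write to the disk. The following is an added example, not part of the original post or any Dell tooling; the partition type IDs and the sample sector are assumptions constructed for illustration.

```python
import struct

# Assumption: type IDs commonly listed for laptop save-to-disk partitions
# (0xA0 and 0x84); the post does not say which ID the Latitude C800 uses.
S2D_TYPES = {0xA0, 0x84}

def parse_mbr(sector):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(sector) != 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector")
    entries = []
    for i in range(4):
        raw = sector[446 + 16 * i: 462 + 16 * i]
        boot_flag, ptype = raw[0], raw[4]
        lba_start, sectors = struct.unpack_from("<II", raw, 8)
        if ptype == 0:  # unused slot
            continue
        entries.append({"index": i + 1, "active": boot_flag == 0x80,
                        "type": ptype, "lba_start": lba_start,
                        "sectors": sectors})
    return entries

def pending_suspend_image(sector):
    """Entries that are both marked active and of a save-to-disk type."""
    return [e for e in parse_mbr(sector)
            if e["active"] and e["type"] in S2D_TYPES]

def build_sample_mbr(active_index):
    """Constructed sample: partition 1 = 0xA0 (s2d), partition 2 = 0x83."""
    sector = bytearray(512)
    layout = [(0xA0, 63, 1_100_000), (0x83, 1_100_063, 30_000_000)]
    for i, (ptype, start, count) in enumerate(layout):
        flag = 0x80 if i + 1 == active_index else 0x00
        sector[446 + 16 * i: 462 + 16 * i] = struct.pack(
            "<B3sB3sII", flag, b"\0\0\0", ptype, b"\0\0\0", start, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

if __name__ == "__main__":
    for label, idx in (("normal boot", 2), ("after suspend", 1)):
        hits = pending_suspend_image(build_sample_mbr(idx))
        print(label, "->",
              "suspend image pending" if hits else "no pending image")
```

If the check reports a pending image, mounting the other partitions read-write before resuming risks the data loss described in the quoted message.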

