EEVblog Electronics Community Forum
General => General Technical Chat => Topic started by: SArepairman on February 19, 2015, 09:05:04 pm
-
If I wanted to dual boot Windows and Linux on the same hard drive, is it possible to somehow modify the Linux files from within Windows to compromise the Linux installation's security?
-
If you mean 'is there such a thing as an ext3/4 file system for windows', then yes, there is.
-
If I wanted to dual boot Windows and Linux on the same hard drive, is it possible to somehow modify the Linux files from within Windows to compromise the Linux installation's security?
Yes. And vice versa. I've used a Linux LiveCD to remove Windows malware infections. Only way to prevent another OS from tampering with your files is to encrypt the drive.
-
I would say yes. I run Windows 7 / Linux Mint on my notebook and MS Windows does not even see the Linux partitions, it reports them as empty or unformatted drives.
-
You can improve things by encrypting the Linux partition with LUKS; at most Windows could just erase the data, but not maliciously read or modify it. You would need to enter a password on startup though. If you only care about casual mischief and not maliciousness you can hardcode a password; it would be possible to read/modify it from Windows, but someone would have to put a bit of work into it.
-
If someone else can sit at your computer and boot it up it's not secure.
If your computer is connected to a network it's not secure.
Especially given time.
At best no one's worked it out yet, at worst they have and it's not public knowledge.
EDIT:
Just realised how negative that sounds lol. One thing you can do is manage risk. Luckily almost all information is only really worth keeping secret so long and most isn't worth the effort anyhows.
-
if Windows has admin privs, it can write random stuff to any disk partition. so it's not safe, if you really get technical.
I dual boot and don't worry about it, though. I limit what my win7 system does, avoid almost all web browsing and never install weird stuff to it. if I need to browse the web, I do that under Linux where it's 1000% safer, overall.
-
If you have serious security issues you might also want to have a look at the HW platform itself as an entry point. There are back doors into most PCs that do not even require the PC to be running (needs power to start though).
When someone with the right certificate can start your PC from remote and "restore" the disk to running order then that someone can do what he wants to all your disks.
How paranoid this should make you I guess depends on your aversion for three letter acronyms and your conspiracy alert level.
this sums it up nicely: http://hardware.slashdot.org/comments.pl?sid=4608409&cid=45813563
-
ah, but can you be sure there is no backdoor that scans for some code that resets all your bios settings?
or like, is it measurable, perhaps a LDO powering the network interface is actually turned off?
-
I always in Bios disable Wake on Lan, USB and everything else I can.
In Win also disable remote assistance.
No good making things too easy for the A holes.
Gee thanks SArepairman.....removed 3/4 of your post after I replied.
-
oh dude it was a mistake, i thought I was posting a new post but I hit edit |O
for clarity, basically I asked if the computer must be turned off for a remote "reprogramming" to happen, and leaving the lan unplugged before the OS is booted and unplugging the lan before the OS is turned off is a reasonable countermeasure.
I also wondered if there could be a "turn off" packet that can be sent which turns your computer off if you left it on running an operating system while you are away from the computer in order to allow it to be reprogrammed if it is turned on (I imagine this could be useful if you wanna do a global change to an entire office building and you don't wanna hunt down someone's workstation that was not turned off.)
-
how do you think something like that propagates?
the NIC writes a little barebones alphabet boy OS onto some free hard drive space ?
I CANT BELIEVE THERE IS NO PHYSICAL INTERLOCK! :wtf: :wtf:
-
ah, but can you be sure there is no backdoor that scans for some code that resets all your bios settings?
Nope, you also can't be sure your firmware doesn't have backdoors and doesn't patch any kernel loaded to include it...
for clarity, basically I asked if the computer must be turned off for a remote "reprogramming" to happen, and leaving the lan unplugged before the OS is booted and unplugging the lan before the OS is turned off is a reasonable countermeasure.
Doing something remotely would be easier when an OS is running, and EVERY OS that supports networking is vulnerable to this sort of attack.
I also wondered if there could be a "turn off" packet that can be sent which turns your computer off if you left it on running an operating system while you are away from the computer
"init 6" on a lot of *nix's ;)
That really is dependent on the OS...
how do you think something like that propagates?
the NIC writes a little barebones alphabet boy OS onto some free hard drive space ?
I wouldn't try to take advantage of netboot to implement any sort of takeover of a desktop computer, it's too visible. The easiest way to propagate any sort of attack is to convince people to run it themselves. This is how the vast majority of malware gets on PCs, and no OS or security setup can protect you from that without making the computer useless.
I CANT BELIEVE THERE IS NO PHYSICAL INTERLOCK! :wtf: :wtf:
Why would you need one? Just follow standard practice. Don't run servers you don't need, don't open ports on your network's firewall you aren't using. Keep your BIOS/EFI/all firmwares, OS's and apps updated regularly, at least every time there's a security patch. And never, ever, install anything you don't trust.
The only thing that will keep your setup more secure than following those steps is putting it in a room with no doors, power supply, and network access.
-
If I wanted to dual boot Windows and Linux on the same hard drive, is it possible to somehow modify the Linux files from within Windows to compromise the Linux installation's security?
Depends on your definition of "secure".
If secure as in information security, not getting your data stolen, etc. then no - as others have explained.
If secure as in a common Windows malware not infecting your Linux files, then you are likely safe, because malware that understands a Linux filesystem and executables is very rare. Not impossible to find, but probably not worth worrying about. Of course, if you get a virus that scrambles/deletes the content of your harddrive blindly, it could mess your Linux files up as well.
I have been dual-booting Windows and Linux for many years, having both on the same and on separate drives, and never had a problem with some Windows malware trampling over my Linux files. However, I haven't really had Windows malware in ages either.
Dual boot is not a security feature - don't rely on it for that. If you practice a good computer "hygiene", such as having an up to date antivirus, have a firewall configured, use up-to-date, patched system and applications, have up to date backups, you will be OK, dual boot or no dual boot.
-
well the idea of this netboot attack is very interesting regardless, even if they are rare state level things, they are the most interesting concept in this thread by far.
-
ah, but can you be sure there is no backdoor that scans for some code that resets all your bios settings?
Nope, you also can't be sure your firmware doesn't have backdoors and doesn't patch any kernel loaded to include it...
for clarity, basically I asked if the computer must be turned off for a remote "reprogramming" to happen, and leaving the lan unplugged before the OS is booted and unplugging the lan before the OS is turned off is a reasonable countermeasure.
Doing something remotely would be easier when an OS is running, and EVERY OS that supports networking is vulnerable to this sort of attack.
Can you give me a more technical explanation of how this works?
Won't the OS interfere with remote access by the BIOS?
Like, I thought the OS running will have control of where to access the hard drive and memory. If something else tries to control this while it's running won't the OS crash?????
how is it easier???
-
Dual boot is so 1998... Nowadays, virtualization is usually the better choice.
-
i like video games with good graphics
-
Can you give me a more technical explanation of how this works?
Won't the OS interfere with remote access by the BIOS?
Like, I thought the OS running will have control of where to access the hard drive and memory. If something else tries to control this while it's running won't the OS crash?????
how is it easier???
Ok, so say I have an exploit that gives me root or admin rights on a machine, or I've persuaded a user to grant my programme them, the OS will let that programme access anything. I can access all your hardware directly*, and if needs be even ignoring the drivers for the hardware. But the OS is still controlling what gets access to what hardware when. My code isn't running in kernel mode/ring 0, the kernel (by necessity) just gives root/admin processes as much access as they want.
*and with a little work (amount depends on the OS) even bypass all memory protection and start patching the kernel, though that would be more likely to cause problems than patching it when it's loaded.
-
Dual boot is so 1998... Nowadays, virtualization is usually the better choice.
This is so true.
I wrote a piece of software that would allow you to boot up to 256 OS's on a single hard drive. It does it by maintaining its own partition table that it will put into place and then boot the OS. So you have a choice of which partitions you want present when you boot a particular OS. You can use this to keep OS's separate from each other - it will wrap areas that are not used in a "protection partition" and remove their boot sector so OS's do not try to mount them. It feels like it was a million years ago when I wrote this, but if you are interested:
http://www.sadevelopment.com/more_pbm.htm
Good luck,
Alan
-
Dual boot is so 1998... Nowadays, virtualization is usually the better choice.
VMs can also be a huge hassle to network properly. they tend to want to run internal vswitches, they tend to want to run NAT and they tend to want to make it harder to allow incoming connections, like servers and baremetal machines do.
some GUIs for vm tech make it less hard, but others make it a huge PITA to set up networking the way you want.
and if you have an existing Windows install, it's damned near impossible to move it over to your vm. Linux allows this easily but Windows has always been 'node locked' and unless you can hack Windows pretty well, transferring your apps and data and config to a new machine is far from trivial.
for quickie things, I'll launch a vm that I did a full separate install to (sigh) but I still prefer to stay inside a real o/s if I'm going to be doing anything more than doing a short edit on a word doc.
-
Dual boot is so 1998... Nowadays, virtualization is usually the better choice.
Except dual booting and virtualization serve different purposes.
A virtualized OS is never going to function equally well as when it is running native on the HW. If you need only one odd application from the other OS, by all means, virtualize. But you will suffer a lot if you need full performance from your peripherals, graphics, etc.
-
Dual boot is so 1998... Nowadays, virtualization is usually the better choice.
This is so true.
I wrote a piece of software that would allow you to boot up to 256 OS's on a single hard drive. It does it by maintaining its own partition table that it will put into place and then boot the OS. So you have a choice of which partitions you want present when you boot a particular OS. You can use this to keep OS's separate from each other - it will wrap areas that are not used in a "protection partition" and remove their boot sector so OS's do not try to mount them. It feels like it was a million years ago when I wrote this, but if you are interested:
http://www.sadevelopment.com/more_pbm.htm
Good luck,
Alan
Alan, but that is not virtualization, but a hack to dual/multiboot your machine :palm:
Similar programs have been around for ages, e.g. System Commander.
-
... is it possible to somehow modify the Linux files from within Windows to compromise the Linux installation's security?
Yes, Format is possible. Pretty unsecure.
-
Can you give me a more technical explanation of how this works?
Won't the OS interfere with remote access by the BIOS?
Like, I thought the OS running will have control of where to access the hard drive and memory. If something else tries to control this while it's running won't the OS crash?????
how is it easier???
Ok, so say I have an exploit that gives me root or admin rights on a machine, or I've persuaded a user to grant my programme them, the OS will let that programme access anything. I can access all your hardware directly*, and if needs be even ignoring the drivers for the hardware. But the OS is still controlling what gets access to what hardware when. My code isn't running in kernel mode/ring 0, the kernel (by necessity) just gives root/admin processes as much access as they want.
*and with a little work (amount depends on the OS) even bypass all memory protection and start patching the kernel, though that would be more likely to cause problems than patching it when it's loaded.
OK, Can you clarify?
Can you explain to me how a netboot attack works when the computer is off vs how it does when it is on?
Like, a chain of events...
I'm guessing its starting here (for a powered off net boot attack):
1) Computer power supply is providing standby power to BIOS
2) Computer is chilling, ignoring everything that comes in on the LAN connection (except for a few unique "triggers")
3) unique trigger comes along the LAN cable, causes computer to power on and...
can you be specific though, like describing what happens in various hardware sub systems during this chain of events?
is it just the bios? or does it start from NIC firmware? is there a diff using a plugin NIC card (pci, etc)
-
Alan, but that is not virtualization, but a hack to dual/multiboot your machine :palm:
You are correct, it is not.
Similar programs have been around for ages, e.g. System Commander.
I remember System Commander all right. It was pretty cool in its day. It doesn't separate partitions like my product does, but I used it for a couple of years.
-
Dual boot is so 1998... Nowadays, virtualization is usually the better choice.
Except dual booting and virtualization serve different purposes.
A virtualized OS is never going to function equally well as when it is running native on the HW. If you need only one odd application from the other OS, by all means, virtualize. But you will suffer a lot if you need full performance from your peripherals, graphics, etc.
http://en.wikipedia.org/wiki/Xen
-
http://en.wikipedia.org/wiki/Xen
And your point is?
Moreover, Xen is a paravirtualization platform, it doesn't run unmodified OS if you want good performance. Good to run a large amount of servers, but I don't see a home user running that on their desktop in order to run Windows from Linux. If anything then VMWare or VirtualBox would be more relevant.
-
Xen supports direct hardware access.
-
I'm guessing its starting here (for a powered off net boot attack):
1) Computer power supply is providing standby power to BIOS
2) Computer is chilling, ignoring everything that comes in on the LAN connection (except for a few unique "triggers")
3) unique trigger comes along the LAN cable, causes computer to power on and...
can you be specific though, like describing what happens in various hardware sub systems during this chain of events?
is it just the bios? or does it start from NIC firmware? is there a diff using a plugin NIC card (pci, etc)
WOL won't turn on your PC, it'll only wake it from sleep mode. And if you don't have netboot enabled your system won't try to boot from the NIC. And they'd need to change the settings on your DHCP server and set up a TFTP server on your network to implement that.
And nah, as far as your PC is concerned the onboard NIC is just another PCI/PCIE device.
-
WOL won't turn on your PC, it'll only wake it from sleep mode.
Yes it will. As long as it is enabled in the BIOS & NIC anyway.
-
WOL won't turn on your PC, it'll only wake it from sleep mode.
Yes it will. As long as it is enabled in the BIOS & NIC anyway.
But that's hardly standard settings and if you can get enough access to a machine to set that up and set PXE or whatever up on the network you might as well not bother.
But also yeah, good point too.
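
Added example, not part of any post in this thread: the "unique trigger" discussed above is the Wake-on-LAN magic packet, which is six 0xFF bytes followed by the target MAC address repeated 16 times. This Python sketch finds such packets in captured payloads and reports any that come from senders outside an allow-list; the record layout, addresses and function names are assumptions made up for the example.

```python
from typing import Iterable, List, Optional, Set, Tuple

SYNC = b"\xff" * 6  # synchronisation stream that opens every magic packet


def magic_packet_target(payload: bytes) -> Optional[str]:
    """Return the MAC a magic packet is addressed to, or None if there is none.

    The pattern may sit anywhere in the payload, so every candidate
    position of the sync stream is checked, not only offset 0.
    """
    start = payload.find(SYNC)
    while start != -1:
        body = payload[start + 6:start + 6 + 16 * 6]
        # A valid body is exactly 16 back-to-back copies of one 6-byte MAC.
        if len(body) == 96 and body == body[:6] * 16:
            return ":".join(f"{b:02x}" for b in body[:6])
        start = payload.find(SYNC, start + 1)
    return None


def unexpected_wakeups(records: Iterable[Tuple[str, bytes]],
                       allowed_senders: Set[str]) -> List[Tuple[str, str]]:
    """Return (sender, target MAC) for magic packets from non-allow-listed hosts."""
    alerts = []
    for sender, payload in records:
        target = magic_packet_target(payload)
        if target is not None and sender not in allowed_senders:
            alerts.append((sender, target))
    return alerts


# Constructed sample capture: (sender IP, UDP payload). Not real traffic.
MAC = bytes.fromhex("001122334455")
SAMPLE = [
    ("192.0.2.10", SYNC + MAC * 16),                        # admin host, expected
    ("192.0.2.77", b"\x00" * 4 + SYNC + MAC * 16 + b"pw"),  # unknown sender, padded
    ("192.0.2.77", SYNC + MAC * 15),                        # truncated: not a wake-up
    ("192.0.2.50", b"GET / HTTP/1.1\r\n"),                  # unrelated traffic
]

if __name__ == "__main__":
    for sender, target in unexpected_wakeups(SAMPLE, {"192.0.2.10"}):
        print(f"unexpected wake-up for {target} sent by {sender}")
```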
-
so, is a computer that's turned off but connected vulnerable or not to some kind of an attack which comes in from the LAN cable ??
-
If it has wake on LAN, then maybe?
-
Nothing is ever truly secure. Once you understand that, you can chill out a bit more.
-
I heard a very good computer security maxim from one of my professors:
"If someone else has physical access to your computer, it is not your computer."
Most security measures an OS can provide are "alive" only when the OS is actually running. If you are able to run another OS on the same computer (not just through dual boot, booting a USB stick or DVD are very common attacks), the file systems of the non-running OS are just data, free to be read or modified at will.
The only way you can defend from this is by using a hard drive encryption system. This still allows an attacker to destroy your installation, but will likely thwart most attempts to steal data. (That said, there is no such thing as a perfect protection.)
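
Added example, not part of the post above: to any other OS a partition is "just data", and its first bytes already show whether it is a plaintext filesystem or a LUKS container. This Python sketch classifies partition headers by their on-disk signatures and lists the ones a second OS could read or modify; the partition names and sample headers are constructed for the example.

```python
import struct
from typing import Dict, List

LUKS_MAGIC = b"LUKS\xba\xbe"   # first 6 bytes of a LUKS1/LUKS2 header
EXT_MAGIC_OFFSET = 1024 + 56   # s_magic field inside the ext2/3/4 superblock
EXT_MAGIC = 0xEF53
HEAD_SIZE = 2048               # enough to cover all three signatures


def read_head(path: str) -> bytes:
    """Read the start of a partition or image file (needs read access)."""
    with open(path, "rb") as dev:
        return dev.read(HEAD_SIZE)


def classify_partition(head: bytes) -> str:
    """Classify a partition from its first bytes."""
    if len(head) >= 8 and head[:6] == LUKS_MAGIC:
        (version,) = struct.unpack(">H", head[6:8])  # big-endian version field
        return f"luks{version}"
    if head[3:11] == b"NTFS    ":                    # OEM ID in the boot sector
        return "ntfs-plaintext"
    if len(head) >= EXT_MAGIC_OFFSET + 2:
        (magic,) = struct.unpack_from("<H", head, EXT_MAGIC_OFFSET)
        if magic == EXT_MAGIC:
            return "ext-plaintext"
    return "unknown"


def offline_exposed(layout: Dict[str, bytes]) -> List[str]:
    """Names of partitions whose contents another booted OS can read or alter."""
    return sorted(name for name, head in layout.items()
                  if classify_partition(head).endswith("plaintext"))


def _ext_head() -> bytes:
    """Constructed header: zeros plus the ext superblock magic."""
    buf = bytearray(HEAD_SIZE)
    struct.pack_into("<H", buf, EXT_MAGIC_OFFSET, EXT_MAGIC)
    return bytes(buf)


# Constructed dual-boot layout (headers built in memory, not read from a disk).
SAMPLE = {
    "sda1": b"\xeb\x52\x90" + b"NTFS    " + bytes(501),       # Windows
    "sda2": _ext_head(),                                       # unencrypted Linux /boot
    "sda3": LUKS_MAGIC + struct.pack(">H", 2) + bytes(504),    # encrypted Linux root
    "sda4": bytes(HEAD_SIZE),                                  # blank
}

if __name__ == "__main__":
    for name, head in SAMPLE.items():
        print(name, classify_partition(head))
    print("readable from the other OS:", offline_exposed(SAMPLE))
```

An unencrypted `/boot` showing up as exposed is expected with LUKS on the root partition only: the encrypted data cannot be read, but the boot files next to it can still be altered from the other OS.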
-
(That said, there is no such thing as a perfect protection.)
People don't seem to get that locks aren't meant to stop a determined attacker. They are designed to slow people down and should make any successful tampering very evident. So many common popular physical locks are only any good as a form of social contract and couldn't stop anyone who wanted to bypass them.
-
If I wanted to dual boot Windows and Linux on the same hard drive, is it possible to somehow modify the Linux files from within Windows to compromise the Linux installation's security?
Physically swap hard disks feasible?