On Wed, 20 Sep 2006 13:33:48 EDT, Brian Eaton said: > For some reason I think one or more of the *BSD variants has support > for restricting the actions that root can take, which presumably > includes preventing root from modifying the BIOS. I can't recall the > name of the feature, though, and I doubt you could teach Windows 2000 > a similar trick. It's called "Secure levels", and it's a help but has been proven to be not as bulletproof as you might wish - there's a few corner case breaks that have been found in it (for instance, it prevents attempts to turn the system clock backwards, but there isn't much it can do against kicking the clock forward to a few seconds before it's 2038 rollover, let it wrap, then warp the clock forwards again from 1970 to 10 minutes ago). In particular, it's useful against stopping some attacks that would otherwise be allowed to a program that had already gotten root - but it doesn't help much if you have an exploit to subvert the kernel.
Attachment:
pgpkAeHfZm3cV.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/