From: "Vladimir 'φ-coder/phcoder' Serbinenko" <phcoder@gmail.com>
To: The development of GNU GRUB <grub-devel@gnu.org>
Cc: Richard Stallman <rms@gnu.org>,
	Lennart Sorensen <lsorense@csclub.uwaterloo.ca>
Subject: Re: Guidance on conflicts between GNU GRUB and proprietary software
Date: Tue, 28 Sep 2010 11:01:05 +0200
Message-ID: <4CA1AED1.2010008@gmail.com>
In-Reply-To: <E1Oz8yL-0005zn-29@fencepost.gnu.org>

On 09/24/2010 04:09 PM, Richard Stallman wrote:
>     > It appears that, rather than the operating system itself being at fault,
>     > a number of Windows applications take over a sector in the boot track
>     > and store bits and pieces of data there.
>
> I am surprised applications can do that.  Isn't that a security hole
> in Windows?
>
>   
Windows users only relatively recently started discovering
privilege separation, as on Windows up to XP the default user had complete
root privileges. From Vista on, Microsoft introduced a gksudo-like
mechanism, but most users have a reflex to press "accept" without even
reading the message, since too many programs have the old habit of doing
unnecessary operations requiring root privileges (like saving
configuration system-wide, rather than user-wide). Various backup
programs can validly be run as root. While it's possible that they
may have a relatively sane reason to write to the MBR gap, I have yet to
see one. The ones I've seen use it to avoid restoring Windows to an
"unlicensed" ("untattooed") disk. Fortunately this use faded out
many years ago (when "tattooing" moved to ACPI tables). Other programs
install a backdoor in the installer (which itself is run as root). Here
the problem is that users accept the backdoors running for DRM purposes.
An unrelated but similar example is FreeOTFE, which installs a driver
which among other things allows any unprivileged user to read and write
sectors on the disk. I informed the author (who pretends to be a
security expert), but she doesn't see it as a security hole or anything
that should be fixed. Although FreeOTFE doesn't write in the MBR gap, this
example shows that most Windows users and even some "security
experts" couldn't care less about security models (but they do care when
marketers say "security"-related buzzwords).
> As for the decision at hand, I don't have an opinion.


-- 
Regards
Vladimir 'φ-coder/phcoder' Serbinenko


