grub-devel

Re: Guidance on conflicts between GNU GRUB and proprietary software


From: Lennart Sorensen
Subject: Re: Guidance on conflicts between GNU GRUB and proprietary software
Date: Tue, 28 Sep 2010 10:57:55 -0400
User-agent: Mutt/1.5.18 (2008-05-17)

On Mon, Sep 27, 2010 at 11:44:10PM -0500, address@hidden wrote:
> Is it a security hole if the Linux superuser can write to /dev/sda?  If you
> block this level of access, how's fdisk (or any number of other partition
> managers) supposed to do its job?  How's one supposed to install grub in the
> first place, if access to those blocks is forbidden by every OS?
> 
> We are talking about the owner of the machine, and software they choose to
> run.  An OS that prevented the owner from having full control over his own
> machine would be something to complain about, letting the owner write to his
> boot track is not.
> 
> If we think there's a real security hole here, like unprivileged
> applications able to overwrite grub code, I'll go advocate with Microsoft to
> have it fixed.  Until then I just agree that it's a tragedy that
> applications which aren't bootloaders or partition managers mess around in
> this area, but it shouldn't be up to the OS to decide which applications run
> by the superuser are specially privileged to manage partitions, and which
> aren't.

Given the majority of Windows users' skill level, it probably is a
security hole.  Asking for permission to do administrator work is one
thing.  Asking for permission to do raw disk access is quite another
(and Windows makes no distinction at all between the two).  After all,
installing shared files and services requires admin.  This should not
give the installer permission to do far more than that.

If Microsoft cared about their users they would not give out 'Windows
compatible' logos to anything that pulled off dirty tricks like writing
to track 0.  Of course that would never happen.

After all this has already killed full drive encryption for some people,
and it is killing boot loaders for some people too.  It is obviously a
bad idea and should be stopped.  Microsoft could probably put a stop to
it, but I doubt they care.  Wouldn't want to offend Adobe or Autodesk
or some other big important Windows software provider.

> Yours truly,
> R Benjamin Voigt
> Microsoft Visual C++ MVP and Windows private beta tester
> 
> P.S. Does anyone know if the Linux versions of those same proprietary
> license managers abuse the boot track like their Windows behavior?

Based on what I have managed to find out about it, no, the Linux versions
don't do this.  Perhaps the developers figured Linux users were smarter
and knew how to spot stupid misuse of sectors on their disks and work
around it, so it wouldn't be effective anyhow.

-- 
Len Sorensen


