Friends,
With so much espionage happening in computers, I was wondering whether a read only mounted partition is read only by software only or is there an electrical lock on the hdd, which does not seem possible for multi-partition disks as another partition may be writeable.
Can a malicious software gain control of the electrical side of the hdd and modify or delete data, even on a read only mounted partition? For the military then, would it be better to use an entire disk as a single partition and lock it down electrically?
Regards,
Rony.
On Monday, 17 June 2013 at 12:08 AM, gnulinuxist@gmail.com wrote:
Friends,
With so much espionage happening in computers, I was wondering whether a read only mounted partition is read only by software only or is there an electrical lock on the hdd, which does not seem possible for multi-partition disks as another partition may be writeable.
Partitions are logical. That is why they can be altered and moved around. Most HDDs don't know about the partitions on them, just like an SD Card with an image of you on it won't know it is really you - so no electrical locks. The locks are only logical.
Can a malicious software gain control of the electrical side of the hdd and modify or delete data, even on a read only mounted partition? For the military then, would it be better to use an entire disk as a single partition and lock it down electrically?
Yes. You can have software to gain control of the HDD, modify and delete data - but it isn't possible on modern Operating Systems like GNU/Linux (unless there are hidden/unknown backdoors). Again, such requests have to be routed THROUGH the Operating System. Since the source is open, I'd give such a case a very low probability for GNU/Linux. Other OSs? There is no concrete way to find out.
For the military or most agencies where security is paramount - strategies and decisions are based on exactly what is at risk and the functionality required. The best strategy is to keep a good two-inch air gap between the NIC and the network cable.
Cheers,
Amol Hatwar Exceed Consulting
On Mon, Jun 17, 2013 at 12:08 AM, gnulinuxist@gmail.com wrote:
Friends,
With so much espionage happening in computers, I was wondering whether a read only mounted partition is read only by software only or is there an electrical lock on the hdd, which does not seem possible for multi-partition disks as another partition may be writeable.
No electrical lock. Anyone with root/sudo (with rights to mount) can do 'mount -o remount,rw <fs_dir_tree>'
Can a malicious software gain control of the electrical side of the hdd and modify or delete data, even on a read only mounted partition? For the military then, would it be better to use an entire disk as a single partition and lock it down electrically?
The 3.5" disks have pin outs, one of these pairs can be jumpered to make the *entire* disk 'ro' - this takes care of remote root/sudo scenarios. Anyone with physical access can easily remove the jumper and make the *entire* disk 'rw'
On Mon, Jun 17, 2013 at 9:47 AM, Arun Khan knura9@gmail.com wrote:
On Mon, Jun 17, 2013 at 12:08 AM, gnulinuxist@gmail.com wrote:
Friends,
With so much espionage happening in computers, I was wondering whether a read only mounted partition is read only by software only or is there an electrical lock on the hdd, which does not seem possible for multi-partition disks as another partition may be writeable.
No electrical lock. Anyone with root/sudo (with rights to mount) can do 'mount -o remount,rw <fs_dir_tree>'
Can a malicious software gain control of the electrical side of the hdd and modify or delete data, even on a read only mounted partition? For the military then, would it be better to use an entire disk as a single partition and lock it down electrically?
The 3.5" disks have pin outs, one of these pairs can be jumpered to make the *entire* disk 'ro' - this takes care of remote root/sudo scenarios. Anyone with physical access can easily remove the jumper and make the *entire* disk 'rw'
Afair the jumper is not hardwired and a trojan bios (or raw driver) can ignore the lock.
-- Arun Khan Sent from my non-iphone/non-android device (অরুণ খান্/अरुण खान)
On 17 June 2013 00:08, gnulinuxist@gmail.com wrote:
With so much espionage happening in computers, I was wondering whether a read only mounted partition is read only by software only or is there an electrical lock on the hdd, which does not seem possible for multi-partition disks as another partition may be writeable.
This is usually software-only. One can always mount -o remount,rw to get read-write access. Having said that, I have seen external drives having a physical switch that toggles write-mode. Also remember the old floppy disks which had a crude mechanical device for enabling write protection. :-)
Can a malicious software gain control of the electrical side of the hdd and modify or delete data, even on a read only mounted partition? For the military then, would it be better to use an entire disk as a single partition and lock it down electrically?
Not sure where the military came from. Our military at least (going by recent scams), seems to contain more than its fair share of folks who are willing to be persuaded for the customary 30 pieces of silver.
Binand
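The replies above agree that a read-only mount is software state. As an added example (not part of the thread), the script below separates the two software layers involved: the per-mount `ro` option that `mount -o remount,rw` flips, and the kernel's per-device read-only flag set with `blockdev --setro` and exposed in sysfs. The function name, verdict strings and sample data are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example. Neither layer checked here is an electrical lock:
#   mount option "ro"     -> cleared by root with `mount -o remount,rw`
#   block device ro flag  -> set with `blockdev --setro`, cleared with --setrw;
#                            while set, the kernel refuses a read-write remount

# audit_ro_mounts [MOUNTS_FILE] [SYSFS_BLOCK_DIR]
#   MOUNTS_FILE      file in /proc/mounts format (default /proc/mounts)
#   SYSFS_BLOCK_DIR  directory holding <dev>/ro flags (default /sys/class/block)
# Prints "<mountpoint> <verdict>" for every mount backed by a /dev node.
audit_ro_mounts() {
    local mounts="${1:-/proc/mounts}"
    local sysfs="${2:-/sys/class/block}"
    local dev mnt fstype opts rest name devro
    while read -r dev mnt fstype opts rest; do
        case "$dev" in /dev/*) ;; *) continue ;; esac   # skip proc, tmpfs, ...
        name="${dev##*/}"
        devro=unknown
        [ -r "$sysfs/$name/ro" ] && devro="$(cat "$sysfs/$name/ro")"
        case ",$opts," in
            *,ro,*)
                case "$devro" in
                    1) echo "$mnt ro-mount+ro-device" ;;
                    0) echo "$mnt ro-mount-only" ;;      # remount,rw would succeed
                    *) echo "$mnt ro-mount-device-unknown" ;;
                esac ;;
            *) echo "$mnt writable" ;;
        esac
    done < "$mounts"
}

# Constructed sample data (not from a real host) so the demo runs offline.
demo() {
    local d; d="$(mktemp -d)"
    mkdir -p "$d/sys/sda1" "$d/sys/sda2" "$d/sys/sdb1"
    echo 0 > "$d/sys/sda1/ro"; echo 0 > "$d/sys/sda2/ro"; echo 1 > "$d/sys/sdb1/ro"
    cat > "$d/mounts" <<'EOF'
proc /proc proc rw,nosuid 0 0
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /usr ext4 ro,relatime 0 0
/dev/sdb1 /srv/archive ext4 ro,noatime 0 0
EOF
    audit_ro_mounts "$d/mounts" "$d/sys"
    rm -rf "$d"
}
demo
```

Called with no arguments on a live system, `audit_ro_mounts` reads the real `/proc/mounts` and `/sys/class/block`; device-mapper names under `/dev/mapper` will report as `ro-mount-device-unknown` because their sysfs entries use `dm-N` names.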