On 09/24/2010 04:09 PM, Richard Stallman wrote:
> > It appears that, rather than the operating system itself being at fault,
> > a number of Windows applications take over a sector in the boot track
> > and store bits and pieces of data there.
>
> I am surprised applications can do that. Isn't that a security hole
> in Windows?
>
>
The windows users only relatively recently started discovering the
privilege separation as on windows till XP default user had complete
root privilegies. From Vista on, microsoft introduced gksudo-like
mechanism but most users have a reflex to press "accept" without even
reading the message since too many programs have the old habit of doing
unnecessary operations requiring root privilegies (like saving
configuration system-wide, rather than user-wide). Various backup
programs can validly be runned as root. Whereas it's possible that they
may have a relatively sane reason to write to MBR gap, I still have to
see a such. The ones I've seen use it to avoid restoring Windows to an
"unlicensed" ("untatooed") disk. Fortunately this use faded out since
many years (when "tatooing" moved to ACPI tables). Other programs
install a backdoor in the installer (which itself is run as root). Here
the problem is that users accept the backdoors running for DRM purposes.
An unrelated but similar example is FreeOTFE which installs a driver
which among things allows any unprivelegied user to read and write
sectors on the disk. I informed the author (who pretends to be a
security expert), but she doesn't see it as a security hole or anything
that should be fixed. Although FreeOTFE doesn't write in MBR gap, this
example shows that most of windows users and even some "security
experts" couldn't care less about security models (but they do care when
marketers say "security"-related buzzwords).
> As for the decision at hand, I don't have an opinion.
>
>
>
> _______________________________________________
> Grub-devel mailing list
> Grub-devel@gnu.org
> http://lists.gnu.org/mailman/listinfo/grub-devel
>
>
--
Regards
Vladimir 'φ-coder/phcoder' Serbinenko
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel
