On 02/05/15 03:26, Gene wrote: > On Thu, Feb 5, 2015 at 12:22 AM, Daniel Dickman <didick...@gmail.com> wrote: > ... >> does seem like a firmware bug based on the contents of the mbr. will see if >> I can diagnose further. >> > > It's not a bug. It's a "security feature"...
or maybe "very effective exploit mitigation technique countermeasure" but yes...if something written on the MBR causes the system to lock hard, that's a BIOS problem, plain and simple...and if no update is available, it should be considered defective hardware. It would be one thing if the MBR code were being RUN (i.e., part of the boot process) and hanging (we had this problem long, long ago), but the problem being described is the BIOS is just looking at the disk's MBR BEFORE TRYING TO BOOT and freaking out in such a way that it couldn't be fixed without using another computer to alter the MBR..sounds like a potential DoS attack vector. Imagine a disgruntled employee dropping this or similar code on a bunch of servers on his way out the door and the fun that would happen on the next patch day. Sure, someone could simply zero the MBR and prevent systems from rebooting, but any remote management solution could fix that. If you can WEDGE the BIOS, that would require physical dissassembly of the computer to fix the problem. Now...if someone figures out a trivial change to the boot code that fixes this without potentially breaking some other system, maybe it would be considered for commit, but I think this still qualifies as a serious hardware defect that manufacturers need to be aware of and fix. (Using an old DOS boot disk to do an FDISK /MBR will probably render these machines bootable, but I'd still consider the machine broken.) Nick.
