[Soekris] read-only CF switch header on 4501?

Henry Spencer henry at spsystems.net
Mon Dec 29 20:38:39 UTC 2003

On Mon, 29 Dec 2003, Markus Friedl wrote:
> i'm booting openbsd ramdisk kernels without any IDE
> support, so the running system cannot modify the CF.
> in order to change files on the CF you need console
> access and boot a different kernel.

No, it suffices to break root (details left to the student :-)) and use
something like /dev/mem to tamper with the kernel, ultimately causing it
(in any of several ways) to run your own kernel-mode code.

If you assume the worst case -- a knowledgeable and malicious intruder --
the fact that the running kernel takes care not to do something or doesn't
know how to do it means nothing.  The only sure safeguard is making the
undesired action impossible for *any* software.

                                                          Henry Spencer
                                                       henry at spsystems.net

