| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 12 Nov 2008 03:51:17 -0500 (EST) From: Gerhard Mack <gmack@...erfire.net> To: Alan Cox <alan@...rguk.ukuu.org.uk> cc: Pavel Machek <pavel@...e.cz>, mathias.schnarrenberger@....de, Olaf van der Spek <olafvdspek@...il.com>, linux-kernel@...r.kernel.org Subject: Re: security: delete BIOS password in keyboard buffer during kernel bootup On Tue, 11 Nov 2008, Alan Cox wrote: > Date: Tue, 11 Nov 2008 16:54:21 +0000 > From: Alan Cox <alan@...rguk.ukuu.org.uk> > To: Pavel Machek <pavel@...e.cz> > Cc: mathias.schnarrenberger@....de, Olaf van der Spek <olafvdspek@...il.com>, > linux-kernel@...r.kernel.org > Subject: Re: security: delete BIOS password in keyboard buffer during kernel > bootup > > > OTOH we don't call BIOS from linux, so we assume that low 64K is > > usable memory (unless marked otherwise in memmap, I guess). > > We use the BIOS in some cases for PCI routing, PCI services, APM, and > indirectly for SMM traps, ACPI and via user space for other stuff. So we > preserve the bottom 4K for the BIOS 0x40:xx page > > > > Anyway, proper place to do clearing is bootloader; it interacts with > > bios already, anyway... > > Agreed entirely. Best place would be for the OEM to fix it. If it's a security issue it shouldn't be overly difficult to embarass them into a fix. Gerhard -- Gerhard Mack gmack@...erfire.net <>< As a computer I find your faith in technology amusing. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists