Re: [tlug] Running Linux and Windows on a Single Box

[Jim <jep200404@example.com>]

Viktor Pavlenko wrote:

> >>>>> "J" == Jim  <jep200404@example.com> writes:
> 
>     J> When Windows is corrupted, it has access to Linux partitions 
>     J> and so can in turn corrupt Linux. 
> 
> Any real life examples? 

I have never heard of any and do not expect to. 

Walter Hansen wrote:

> Since windows in not capable of reading Linux partitions I would find it 
> nearly impossible for Windows to corrupt Linux.

That Windows is not natively able to grok Linux partitions is 
irrelevant to an attacker being able to use corrupted Windows 
to attack Linux partitions. 

Windows has control of the hardware. An attacker could access any 
sectors on any hard drive they cared to. It could be crude. Look 
for some sectors _anywhere_ on the drive that match some pattern, 
such as one might expect in /bin/login for example, and replace those 
sectors with a modified /bin/login. 

Another way would be for the attacker to run a Linux, such as colinux, 
as a tool within the corrupted Windows, to grok Linux partitions. 

Even if the corrupted Windows could not understand Linux partitions, 
any sectors could be sent elsewhere for analysis and the same 
elsewhere could return sectors to be written. I'm thinking of 
something vaguely like NFS or iSCSI. 

My general understanding is that once an OS is corrupted, 
that all hard drive content is vulnerable, regardless of 
what the BIOS tells the OS, but I am ignorant of how strong the 
hide boot stuff is that Edward wrote about, so I have to defer to 
him on that. 

Edward's recommendation to encrypt the Linux partitions and 
boot from read-only media makes sense. It might not prevent 
vandalism, but it would certainly prevent secrets (such as 
in /etc/shadow) from being revealed. 

Jim