blk@mitre.org (Brian L. Kahn) (05/09/91)
We are building Unix software for a system that contains the DOS
co-processor board. Can anyone tell me the risks we face from
contamination or attack by nasty DOS programs?

- Can DOS clobber Unix files? The Unix file system?
- Can DOS bypass Unix permissions for files?
- Can DOS access disk as a raw device?
- Can DOS use serial I/O ports?
- Can DOS steal serial ports from Unix processes that "own" them?

ADthanksVANCE,
--
B< Brian Kahn blk@security.mitre.org "may the farce be with you"

dougd@hpfcdc.HP.COM (Doug Drees) (05/14/91)
I'll try to answer your questions. I worked on the DOS Coprocessor.

>/ hpfcdc:comp.sys.hp / blk@mitre.org (Brian L. Kahn) / 12:22 pm May 9, 1991 /
>
> We are building Unix software for a system that contains the DOS
> co-processor board. Can anyone tell me the risks we face from
> contamination or attack by nasty DOS programs?
>
> - Can DOS clobber Unix files? The Unix file system?

The DOS Coprocessor can access files via the DOSMOUNT command. The user
can then do anything s/he could have done outside of DOS. If you start
DOS as root, you can do nasty things to your file system. If you run DOS
as user "foo", you can only delete or tamper with files that user "foo"
has write permissions for.

> - Can DOS bypass Unix permissions for files?

No - it applies Unix permissions per Unix rules. Also, since the DOS
Coprocessor maps valid Unix file names to valid DOS file names in a way
similar to (compatible with?) PC/NFS, you can protect most Unix files
from being inadvertently modified by using a Unix file name with more
than 0 uppercase letters, or two periods, or a tilde (~), etc. The DOS
filename will be some translated version which you can find out (use
XDIR) and use if you desire but most software wouldn't be able to
generate. For example, the Unix file ".Xdefaults" is translated
"~XDEF~nn" where the n's are either uppercase chars or numerals.

> - Can DOS access disk as a raw device?

If you configure your /usr/lib/dos/dos.cnf or $HOME/.dosrc to use a raw
disk device for HARDDISK, FLOPPYA, or FLOPPYB, the coprocessor will
indeed be able to directly alter them. Although it is not documented, we
in the lab have used some older, smaller HP disks (i.e. 9133H/L 20/40
MBytes) as our HARDDISKs. This allows us a way to use these older disks
(almost useless as Unix disks) while reducing the impact of the DOS
filesystem on the Unix system. (If you'd like to try this, email me for
instructions)

> - Can DOS use serial I/O ports?

Yes. We have tried:

    Laserjet printing directly with a serial port
    Laserjet printing translating parallel port access to a serial port on the 300
    Accessing a remote service (Compuserve) using a terminal emulator and a modem
    Accessing another computer (HP 3000) with a direct serial connection
    Using _SOME_ serial copy protection locks
    Driving an industrial controller with custom software and protocol

> - Can DOS steal serial ports from Unix processes that "own" them?

Serial ports are assigned to the coprocessor via the above mentioned
config files and the COM1-COM4 keywords. When DOS starts up it opens
these device files for read/write use. If the open succeeds, DOS uses
the device file as if it is the only user.

The bottom line is that you (or your administrator) have full control
over what devices or disks or files the DOS Coprocessor uses. Any DOS
programs, virus or friendly, can only affect those devices/files.

>
> ADthanksVANCE,
> --
> B< Brian Kahn blk@security.mitre.org "may the farce be with you"
> ----------

Regards,
Douglas Drees
------------------------------------+-------------------------------------
ARPA: dougd@hpfcla.fc.hp.com        | UUCP: {ucbvax,hplabs}!hpfcla!dougd
USmail: c/o Hewlett-Packard m/s 99  |
        3404 E. Harmony Rd.         | "These are, of course, my own views
        Fort Collins, CO 80525      |  and don't necessarily represent HP"