On Sat, 4 Sep 2004 20:54, Ives Steglich <fedora-se-linux@xxxxxxxxx> wrote: > there is a second option (also bios and startup related): > > you can put an additional pci-extension-bios to any pci-card which have > a own pci-extension-bios for setting up its hardware, the chips are > usaly 64k but not fully used (graficcard, networkcard, ...) and the Good point. However one limitation of this is that it won't work so well for laptops. The idea of replacing a BIOS was first suggested to me after a discussion of an advertised security product which had some very suspect claims about it's performance. The claim that it could survive a re-install of Windows seemed difficult to believe and a modified BIOS was the only suggestion of a possible way of doing it. > second problem here, would be getting the code surviving in ram > the boot-up sequence of the operating system, but i'm sure this won't be > any problem for some ppl with the necessary skills That is solvable too. It would have to decompress the kernel image, modify the kernel code in some subtle way (EG making some security check function in the kernel be a noop), re-compress the kernel image and then present it to the boot loader upon read requests. It's difficult, but not impossible. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
