Found, a new rootkit

Mike McCarty Mike.McCarty at sbcglobal.net
Mon Apr 10 06:42:49 UTC 2006


Les Mikesell wrote:
> On Fri, 2006-04-07 at 16:03, Mike McCarty wrote:
> 
> 
>>MSDOS does *not* use interrupt driven I/O on those ports. It uses
>>BIOS calls, specifically INT 14h. For example, from Ralf Brown's
>>interrupt list
> 
> 
> I don't see how trusting bios equates to secure code.

It doesn't. And I didn't say so. Any system with external
connections only enjoys relative security. I don't "trust"
BIOS. But the BIOS code is there regardless of whether
Linux or MSDOS or whatever OS (or even no OS) sits on top
of it.

>>Precisely. And unless an application invokes MSDOS, it will never
>>do anything to the serial port, nor will the BIOS.
> 
> 
> You can say the same for the keyboard - and the input devices
> are more or less interchangeable.  The application might be
> COPY.

I don't follow the point.

>>If there is more code, there is more exposure. MSDOS has much less
>>code than Linux and the Linux drivers for the serial ports.
> 
> 
> I think you need to take quality of code into account in a
> statement like that.

Certainly. But no matter how carefully crafted, more code
equates to more exposure.

Mike
-- 
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!



