[Cryptography] trojans in the firmware

grarpamp grarpamp at gmail.com
Fri Feb 20 13:52:52 PST 2015

On Fri, Feb 20, 2015 at 7:39 AM, Mirimir <mirimir at riseup.net> wrote:
> On 02/20/2015 03:50 AM, grarpamp wrote:
>> On Thu, Feb 19, 2015 at 7:35 PM, Mirimir <mirimir at riseup.net> wrote:
>>>>> https://www.virtualbox.org/manual/ch09.html#rawdisk
>>> VirtualBox in Linux doesn't require root rights. I just checked htop on
>>> the host, and all VM processes are running as user. And visudo shows
>>> nothing about VirtualBox.
>> It may be setuid and switching users, or kernel module
>> or helper program or something, otherwise vbox
>> docs about pointing at /dev/sdx are bogus because
>> the raw devices aren't available to non root users.
>> I didn't read vbox docs closely.
> OK, I'll dig. It might be that mounting physical disks on the host
> requires root rights. But that's obviously insecure. What concerns me is
> guest access to the host's disk firmware when using VDIs.
>>> How would I test that? I suppose that I could setup a VM to boot from an
>>> HDD, and then see if I can flash the HDD's firmware. But I'm not the
>>> NSA, and so only success would be probative. But hey, I'll take a shot.
>> http://www.t13.org/documents/UploadedDocuments/docs2008/d1699r6a-ata8-acs.pdf
>> With whatever windows tools you find. Probably sdparm hdparm on linux.
>> camcontrol's cmd capabilities and cam(4) debug options on freebsd.
>> I wouldn't try to flash or fuzz a drive you can't afford to brick.
> Not a problem. I have a bunch of retired disks.

More information about the cypherpunks mailing list