Jump to content




Found a serious security issue.


8 replies to this topic

#1 Darky_Alan

  • Members
  • 89 posts
  • LocationPuerto Rico

Posted 04 August 2012 - 01:49 PM

So, as a lot of you might know (and I just recently noticed) If you have a disk in a disk drive next to a PC and that disk drive just happens to have a program called "Startup" if you boot the PC it will boot from the disk no mater what, I consider this a security risk and I consider it making a user imputed password completely null, I could have the best startup password program written to my PC, but have any random smart ass shutdown my computer, insert a malicious disk then have my PC run and boot directly from the drive, bypassing anything I had pre-set. Is there anything I can do to prevent this?

Maybe I'll suggest changing of this feature on the suggestion forums.

#2 Kolpa

  • New Members
  • 260 posts
  • LocationGermany

Posted 04 August 2012 - 02:00 PM

the pc checks for a disk drive i think it was north first so put on there put in a disk with a startup containing nothing and secure the disk drive with block's tada ur safe from people trying to hack you with disk's

#3 Darky_Alan

  • Members
  • 89 posts
  • LocationPuerto Rico

Posted 04 August 2012 - 02:03 PM

View PostKolpa, on 04 August 2012 - 02:00 PM, said:

the pc checks for a disk drive i think it was north first so put on there put in a disk with a startup containing nothing and secure the disk drive with block's tada ur safe from people trying to hack you with disk's
I still feel like it's quite a bit of a security hole, at least smp wise.

#4 1lann

  • Members
  • 516 posts
  • LocationSeattle

Posted 04 August 2012 - 02:07 PM

View PostDarky_Alan, on 04 August 2012 - 02:03 PM, said:

View PostKolpa, on 04 August 2012 - 02:00 PM, said:

the pc checks for a disk drive i think it was north first so put on there put in a disk with a startup containing nothing and secure the disk drive with block's tada ur safe from people trying to hack you with disk's
I still feel like it's quite a bit of a security hole, at least smp wise.
It's more of a feature, not a security hole. The code was purposely written to make it so a disk's startup will run first. Also how come you didn't already know about this O_o everybody knows about it.

#5 Darky_Alan

  • Members
  • 89 posts
  • LocationPuerto Rico

Posted 04 August 2012 - 05:07 PM

View Post1lann, on 04 August 2012 - 02:07 PM, said:

View PostDarky_Alan, on 04 August 2012 - 02:03 PM, said:

View PostKolpa, on 04 August 2012 - 02:00 PM, said:

the pc checks for a disk drive i think it was north first so put on there put in a disk with a startup containing nothing and secure the disk drive with block's tada ur safe from people trying to hack you with disk's
I still feel like it's quite a bit of a security hole, at least smp wise.
It's more of a feature, not a security hole. The code was purposely written to make it so a disk's startup will run first. Also how come you didn't already know about this O_o everybody knows about it.

because I'm relatively new to CC, started using tekkit a month ago.

#6 cant_delete_account

  • Members
  • 484 posts

Posted 04 August 2012 - 05:11 PM

View PostDarky_Alan, on 04 August 2012 - 01:49 PM, said:

So, as a lot of you might know (and I just recently noticed) If you have a disk in a disk drive next to a PC and that disk drive just happens to have a program called "Startup" if you boot the PC it will boot from the disk no mater what, I consider this a security risk and I consider it making a user imputed password completely null, I could have the best startup password program written to my PC, but have any random smart ass shutdown my computer, insert a malicious disk then have my PC run and boot directly from the drive, bypassing anything I had pre-set. Is there anything I can do to prevent this?

Maybe I'll suggest changing of this feature on the suggestion forums.
You can disable it by editing the shell.
(next post)

#7 cant_delete_account

  • Members
  • 484 posts

Posted 04 August 2012 - 05:14 PM

To disable it just edit (mcfolder/mods/ComputerCraft/rom/programs/shell) and find the piece of code:
	    -- Then run the user created startup, from the disks or the root
	    local sUserStartup = shell.resolveProgram( "/startup" )
	    for n,sSide in pairs( redstone.getSides() ) do
			    if disk.isPresent( sSide ) and disk.hasData( sSide ) then
					    local sDiskStartup = shell.resolveProgram( fs.combine(disk.getMountPath( sSide ), "startup") )
					    if sDiskStartup then
							    sUserStartup = sDiskStartup
							    break
					    end
			    end
	    end
And replace it with:
	    -- Then run the user created startup, from the disks or the root
	    local sUserStartup = shell.resolveProgram( "/startup" )
	    --Disable disk booting by commenting out the for loop
	    --[[
	    for n,sSide in pairs( redstone.getSides() ) do
			    if disk.isPresent( sSide ) and disk.hasData( sSide ) then
					    local sDiskStartup = shell.resolveProgram( fs.combine(disk.getMountPath( sSide ), "startup") )
					    if sDiskStartup then
							    sUserStartup = sDiskStartup
							    break
					    end
			    end
	    end
	    --]]


#8 Mtdj2

  • Members
  • 66 posts
  • LocationBehind you

Posted 04 August 2012 - 05:18 PM

I did an experiment on this in my ssp world. I found out that the top disk drive is loaded first. Just sayin'.

#9 Luanub

    Lua Nub

  • Members
  • 1,135 posts
  • LocationPortland OR

Posted 04 August 2012 - 09:03 PM

Ummm read this, there are ways to disable this... http://www.computerc...p-disk-booting/

Tutorials are a great place for information.





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users