On Wed, Mar 25, 2009 at 08:11:41AM +0100, Didier Wiroth wrote:
> Hello,
> I've read this a few minutes ago. I'm not a developer, nor a security
> specialist so I was wondering if that is a serious issue for OpenBSD.
> http://i.zdnet.com/blogs/core_bios.pdf
> As far as I understood, they mention the "OpenBSD shadow files" as being
> vulnerable/exploitable to these kinds of attacks, have a look at page 17.
> Kind regards,
> Didier

That the BIOS can be patched to run arbitrary code isn't new at all (think DOS viruses; there was even a switch in older BIOSes that prevented flashing and sometimes boot sector writing). The Core guys "just" produced a nice PoC and, to get more attention, demonstrated that "OS-independent" really means that it also works with OpenBSD. Overall, nice work, but this really has nothing to do with operating systems. These are flaws in the x86 hardware architecture introduced by Intel and various other vendors.

