This is a read-only snapshot of the ComputerCraft forums, taken in April 2020.
ComputerCraftSuggestions
Ajt86's profile picture

Ability to overwrite ROM (except bios.lua) on first startup (new computer)

Started by Ajt86, 11 January 2016 - 05:07 PM
Ajt86 #1

Ajt86's profile picture

41 posts

Posted 11 January 2016 - 06:07 PM
While it is possible to, in some way, modify the ROM by screwing with the fs / io API, I would like to change rom/startup because it can cause security exploits (most notably with disks) and modifying the API just doesn't make the cut because rom/startup is already run before /startup. I would also like it to be possible to have each computer have a custom rom, to allow for it on servers.

Would it be possible to allow the person who placed the computer to modify the rom directory or allow its modification only when a new computer is placed (computer must be backed up and replaced to fix)?

This system could become 100% secure simply by requiring that the person labels their computer and the OS checks the computer's ID every startup to verify that a potential hacker hasn't (somehow) copied all files off and replaced the computer with a new one. On top of that, the hacker wouldn't even be able to obtain the files without breaking into the OS, assuming the OS is custom and supports user-level security (or file encryption).

Here's how exactly it could work…
  1. User places a new computer (new ID generated)
  2. Computer asks the user if they want to modify the rom (recommends to select "no")
  3. If yes, computer opens up into a basic shell where the user is asked to select a disk drive containing the new rom
  4. Computer then resumes running by going through the OS's security checks (OS handles sandboxing, etc).
  5. User now has a secure computer.
I don't see how this could be misused and hope that it gets implemented.
Edited on 12 January 2016 - 01:51 PM
Anavrins #2

Anavrins's profile picture

756 posts

Posted 11 January 2016 - 06:19 PM
Preventing disk autorun doesn't need any change to the bios and can be easily done with a resource pack that modifies the /rom/startup.
I personally think having the opportunity to load an arbitrary bios would cause a lot of instability.
Creator #3

Creator's profile picture

2679 posts

Location You will never find me, muhahahahahaha

Posted 11 January 2016 - 06:48 PM
The bios controls things like protecting the metatables of the string API. It also defines the function print. I am not sure you want to mess with that.
Ajt86 #4

Ajt86's profile picture

41 posts

Posted 11 January 2016 - 07:07 PM
Ah, well at least a way of modifying all rom files (except bios.lua) then.
Anavrins #5

Anavrins's profile picture

756 posts

Posted 11 January 2016 - 09:35 PM
Ajt86, on 11 January 2016 - 07:07 PM said:
Ah, well at least a way of modifying all rom files (except bios.lua) then.
In that case, it is already possible.
http://www.computercraft.info/forums2/index.php?/topic/14049-how-to-make-and-install-lua-resource-packs/
Ajt86 #6

Ajt86's profile picture

41 posts

Posted 12 January 2016 - 02:50 PM
Unfortunately, that doesn't allow the individual modification of each computer's rom.
Anavrins #7

Anavrins's profile picture

756 posts

Posted 12 January 2016 - 07:04 PM
Still, adding arbitrary rom stuff is not recommended, though you'd be happy to know that the latest beta of CC allows for disabling startup script on a per-computer basis. http://www.computerc...ta-information/
Edited on 13 January 2016 - 01:43 AM
SquidDev #8

SquidDev's profile picture

1426 posts

Location Does anyone put something serious here?

Posted 12 January 2016 - 09:19 PM
There was a similar discussion a while back which discussed a similar problem, and highlights some issues. However you might want to look at the latest beta which has an option to disable booting from disks, which solves most problems.