Found a serious security issue.

So, as a lot of you might know (and I just recently noticed) If you have a disk in a disk drive next to a PC and that disk drive just happens to have a program called "Startup" if you boot the PC it will boot from the disk no mater what, I consider this a security risk and I consider it making a user imputed password completely null, I could have the best startup password program written to my PC, but have any random smart ass shutdown my computer, insert a malicious disk then have my PC run and boot directly from the drive, bypassing anything I had pre-set. Is there anything I can do to prevent this?

Maybe I'll suggest changing of this feature on the suggestion forums.

the pc checks for a disk drive i think it was north first so put on there put in a disk with a startup containing nothing and secure the disk drive with block's tada ur safe from people trying to hack you with disk's

Kolpa, on 04 August 2012 - 03:00 PM said:

the pc checks for a disk drive i think it was north first so put on there put in a disk with a startup containing nothing and secure the disk drive with block's tada ur safe from people trying to hack you with disk's

I still feel like it's quite a bit of a security hole, at least smp wise.

Darky_Alan, on 04 August 2012 - 03:03 PM said:

Kolpa, on 04 August 2012 - 03:00 PM said:

the pc checks for a disk drive i think it was north first so put on there put in a disk with a startup containing nothing and secure the disk drive with block's tada ur safe from people trying to hack you with disk's

I still feel like it's quite a bit of a security hole, at least smp wise.

It's more of a feature, not a security hole. The code was purposely written to make it so a disk's startup will run first. Also how come you didn't already know about this O_o everybody knows about it.

1lann, on 04 August 2012 - 03:07 PM said:

Darky_Alan, on 04 August 2012 - 03:03 PM said:

Kolpa, on 04 August 2012 - 03:00 PM said:

the pc checks for a disk drive i think it was north first so put on there put in a disk with a startup containing nothing and secure the disk drive with block's tada ur safe from people trying to hack you with disk's

I still feel like it's quite a bit of a security hole, at least smp wise.

It's more of a feature, not a security hole. The code was purposely written to make it so a disk's startup will run first. Also how come you didn't already know about this O_o everybody knows about it.

because I'm relatively new to CC, started using tekkit a month ago.

Darky_Alan, on 04 August 2012 - 02:49 PM said:

So, as a lot of you might know (and I just recently noticed) If you have a disk in a disk drive next to a PC and that disk drive just happens to have a program called "Startup" if you boot the PC it will boot from the disk no mater what, I consider this a security risk and I consider it making a user imputed password completely null, I could have the best startup password program written to my PC, but have any random smart ass shutdown my computer, insert a malicious disk then have my PC run and boot directly from the drive, bypassing anything I had pre-set. Is there anything I can do to prevent this?

Maybe I'll suggest changing of this feature on the suggestion forums.

You can disable it by editing the shell.
(next post)

To disable it just edit (mcfolder/mods/ComputerCraft/rom/programs/shell) and find the piece of code:

	    -- Then run the user created startup, from the disks or the root
	    local sUserStartup = shell.resolveProgram( "/startup" )
	    for n,sSide in pairs( redstone.getSides() ) do
			    if disk.isPresent( sSide ) and disk.hasData( sSide ) then
					    local sDiskStartup = shell.resolveProgram( fs.combine(disk.getMountPath( sSide ), "startup") )
					    if sDiskStartup then
							    sUserStartup = sDiskStartup
							    break
					    end
			    end
	    end

And replace it with:

	    -- Then run the user created startup, from the disks or the root
	    local sUserStartup = shell.resolveProgram( "/startup" )
	    --Disable disk booting by commenting out the for loop
	    --[[
	    for n,sSide in pairs( redstone.getSides() ) do
			    if disk.isPresent( sSide ) and disk.hasData( sSide ) then
					    local sDiskStartup = shell.resolveProgram( fs.combine(disk.getMountPath( sSide ), "startup") )
					    if sDiskStartup then
							    sUserStartup = sDiskStartup
							    break
					    end
			    end
	    end
	    --]]

I did an experiment on this in my ssp world. I found out that the top disk drive is loaded first. Just sayin'.

Ummm read this, there are ways to disable this… http://www.computerc...p-disk-booting/

Tutorials are a great place for information.