Is it possible to hide an area of hard disk from root user?
Does the Linux kernel have a feature that can be used to hide an area of a hard disk (e.g. the last 1GB of the hard disk) from the root user, or at least make that area completely unwritable by any means?
linux kernel security root
asked Dec 3 at 10:14
gopy
Who - if not root - should introduce that feature? That "user" could circumvent it as well...
– RudiC
Dec 3 at 10:44
Depending on what the purpose is, one could possibly do it (whatever it is) by other means.
– Kusalananda
Dec 3 at 10:59
Unreadable stored data at rest, yes (encrypted filesystem using an external key, such as a Yubikey)... unwritable, no, not normally. However, once the user decrypts the filesystem, then root can access the data as well.
– RubberStamp
Dec 3 at 12:54
@RudiC The kernel programmer and the one who configures it have more power than the root user. Perhaps you misunderstand my question, or my wording is ambiguous.
– gopy
Dec 3 at 13:18
2 Answers
No, the root user is always able to write to a block device, unless the controller of the block device determines that an area is read-only.
Example: when you flip the read-only switch on an SD card, the SD card controller doesn't allow writing.
There are flash memory devices with read-only partitions, e.g. in your phone or TV, to contain decoder keys.
For consumer hard disks you'd have to modify the firmware, otherwise root can access every byte.
answered Dec 3 at 10:50
Stefaan Ghysels
Can a controller make a particular block read-only, or can it only make the full device read-only?
– Debian_yadav
Dec 3 at 12:22
The controller is a microchip on the storage device. E.g. the controller on an SSD keeps track of broken sectors and usually prevents you from writing to them, and those sectors may not even be visible to the host device.
– Stefaan Ghysels
Dec 3 at 13:04
How about writing a new driver for the hard disk and forcing user space programs to use this driver? (I don't know how)
– gopy
Dec 3 at 13:22
You could make a device (e.g. a consumer NAS) and supply it with an OS with a custom driver that limits writing to part of a block device. However a root user can unload that kernel module and load his own OS or kernel modules as he likes.
– Stefaan Ghysels
Dec 3 at 13:34
The ATA specification has something called Host Protected Area.
This means that the capacity of the device is artificially made less than the full capacity. The area above the reported maximum LBA is this Host Protected Area, and can only be accessed after sending a special command to unlock this area.
This is typically used for storing recovery data, so that the user can't accidentally repartition the disk and wipe out the recovery partition; it's not a partition, after all. My IBM Thinkpad from 2004 implemented this, and it worked quite well.
This may be useful for your application.
answered Dec 3 at 13:37
wurtel
hdparm + root = HPA compromised
– RubberStamp
Dec 3 at 14:18
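An added example, not part of the original answers or comments: a check for the Host Protected Area described in the answer above, which parses the text printed by `hdparm -N` and reports how many sectors lie above the reported maximum. The device name `/dev/sdX`, the sample sector counts (built to hide the last 1 GiB) and the 512-byte sector size are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit a drive for a Host Protected Area (HPA) by parsing the
# text printed by `hdparm -N <device>`. Input comes from stdin, so the parser
# can be run offline on captured output.

# Constructed sample: 1 GiB (2097152 sectors) hidden at the end of the disk.
sample_hpa() {
cat <<'EOF'
/dev/sdX:
 max sectors   = 974676016/976773168, HPA is enabled
EOF
}

# Constructed sample: visible and native sizes match, so nothing is hidden.
sample_clean() {
cat <<'EOF'
/dev/sdX:
 max sectors   = 976773168/976773168, HPA is disabled
EOF
}

# Prints "<visible> <native> <hidden_sectors> <hidden_bytes>".
# Exit status: 0 parsed, 1 no "max sectors" line, 2 malformed values.
# SECTOR_SIZE defaults to 512 bytes (assumption; set it for 4Kn drives).
hpa_report() {
    awk -v ss="${SECTOR_SIZE:-512}" '
        BEGIN { rc = 1 }
        /max sectors/ {
            split($0, kv, "=")           # text after "=" holds the counts
            split(kv[2], parts, ",")     # drop the ", HPA is ..." suffix
            gsub(/[ \t]/, "", parts[1])
            n = split(parts[1], lba, "/")
            if (n != 2 || lba[1] !~ /^[0-9]+$/ || lba[2] !~ /^[0-9]+$/ ||
                lba[2] - lba[1] < 0) { rc = 2; exit }
            hidden = lba[2] - lba[1]
            # %.0f avoids 32-bit clamping of %d in some awk builds
            printf "%.0f %.0f %.0f %.0f\n", lba[1], lba[2], hidden, hidden * ss
            rc = 0
            exit
        }
        END { exit rc }
    '
}

# Human-readable verdict built on hpa_report.
hpa_summary() {
    report=$(hpa_report) || { echo "unparseable hdparm -N output"; return 1; }
    set -- $report
    if [ "$3" -gt 0 ]; then
        echo "HPA present: $3 of $2 sectors hidden ($4 bytes)"
    else
        echo "no HPA: all $2 sectors visible"
    fi
}

# Demo on the constructed samples; on a real system, pipe `hdparm -N` output in.
sample_hpa | hpa_summary
sample_clean | hpa_summary
```

Comparing the reported values against a baseline recorded at provisioning time shows whether the limit has been changed since, which matters because, as the comment above notes, root can alter it.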