It seems that in order to read the partition table an o/s must execute some executable code at the beginning of a disk, in the area known as the master boot record.
This bizarre design came into being so there is flexibility in the design of partitioning tables. It also means viruses can reside in the MBR, and that is where the first ever virus resided.
Nowadays MBR infections are rare, but I wonder. Does Linux still execute the instructions in the MBR machine code to get a partition table?
Before I read all of that, can we go straight to the answer? Is it "no" because that machine code is only executed when booting off that disk drive and not executed for other disk drives?
The BIOS has no other way to pass control to the operating system. It is done through the MBR of the disk selected as the boot device in the BIOS (I think in EFI this is different). For example, GRUB could be installed there. And yes, a virus can reside there. It can be installed under a running Linux (of course, it must bypass its security) or another system, so it is not very secure to use the same drives with Linux and another OS, like Windows.
There are 3 possibilities:
1. You have installed 'wine' or similar software (not an emulator) - if you explicitly run a Windows virus, it will run and can do anything that the Linux user can do under that user account. The virus must know it is run under wine to make changes in the Linux filesystem. If not, it can only make changes in the ~/.wine directory.
2. I hear that a virus can be compiled in a way to execute in both operating systems, but I don't know if it is true.
3. If a virus in some way changes the MBR, it will run before any operating system, and can do anything.
Quote:
And the partition table of a data disk (i.e. not the one you boot) can be accessed without the MBR code being executed?
Yes, code from the MBR is only needed to start your operating system. To read the partition layout there is no need to execute any code from the MBR. Tools from the operating system know how to read the partition table.
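As an added illustration of the last answer (not code from any poster in this thread): a partition table can be read as plain data. The sketch below parses the four 16-byte entries at offset 446 of a constructed sample sector and never interprets the first 446 bytes of boot code; the function names and sample values are made up for the example, and it covers the classic MBR layout only (no GPT, no extended partitions).

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446        # bytes 0..445 hold boot code; this parser never looks at them
ENTRY_SIZE = 16
SIGNATURE = b"\x55\xaa"   # boot signature at offsets 510..511
# status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
ENTRY_FORMAT = "<B3xB3xII"

def parse_mbr(sector: bytes):
    """Return the non-empty primary partition entries of a 512-byte MBR sector."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("need a full 512-byte sector")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        start = TABLE_OFFSET + i * ENTRY_SIZE
        status, ptype, lba_start, count = struct.unpack(
            ENTRY_FORMAT, sector[start:start + ENTRY_SIZE])
        if ptype == 0:    # type 0 marks an unused slot
            continue
        parts.append({"index": i + 1, "bootable": status == 0x80,
                      "type": ptype, "lba_start": lba_start, "sectors": count})
    return parts

def build_sample_sector() -> bytes:
    """Constructed sample: filler in the boot-code area plus two partition entries."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:TABLE_OFFSET] = b"\x90" * TABLE_OFFSET   # arbitrary filler, not real boot code
    sector[446:462] = struct.pack(ENTRY_FORMAT, 0x80, 0x83, 2048, 204800)
    sector[462:478] = struct.pack(ENTRY_FORMAT, 0x00, 0x82, 206848, 65536)
    sector[510:512] = SIGNATURE
    return bytes(sector)

if __name__ == "__main__":
    for part in parse_mbr(build_sample_sector()):
        print(part)
```

Whatever sits in the first 446 bytes has no effect on the result, because those bytes are only ever executed by the firmware when booting from that disk.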