rpdom wrote: ↑
Wed Dec 13, 2017 6:15 pm
fluffysheap wrote: ↑
Wed Dec 13, 2017 10:52 am
"just don't do that" isn't an option for a security vulnerability.
Yes, it is.
That bit would have to explicitly be set. If someone is able to get into your system and do that then they already have full access to it.
Good security is not just about having a hard eggshell which is difficult to break, but about limiting the consequences once inside. There is, in fact, an unfortunate amount of hardware that can be permanently damaged or disabled by criminals using malware. Setting the USB boot bit is less troublesome than most other things that could happen. As rightly pointed out, the consequences of a security breach need to be considered when designing the hardware.