On Fri, Jul 21, 2000, Andre Hedrick <andre@linux-ide.org> wrote:
> If you try to pass raw taskfile command to the drive and you have no clue.
> The hardware will BUCK 99% of the time.
>
> Using the kernel IOCTL, it BUCKS 5% of the time and the damage is done.
> Baically, you want me to continue helping you destroy your hardware.
> I will not be a part of that!
You didn't read my email did you?
I suggest you go back and re-read it.
> Do you allow USB to send unrestricted commands that will damage the
> hardware?
Sure. Many devices have upgradeable firmware. I'm sure sending garbage
as firmware will make some devices a paperweight.
We don't know what can and can't do harm in these cases so we don't even
try to prevent.
> You know that I can publish how to take Linux down with the current IOCTLs
> and ROOT can not stop the attack. If this is what it takes to bring Linux
> to it's knees gain the needed protection I may consider it.
I can do that too.
dd if=/dev/zero of=/dev/kmem
The machine will panic or mysteriously hang. Any other root logged in
cannot stop the attack since the crash will be pretty damn quick.
I assume you're talking about damaging the hardware than crashing the
system. If there's an easy way of fixing the problem, fix it. It looks
like you have a small patch which would prevent people from abusing or
using by accident that ioctl call to damage their hardware.
Just don't pretend that this completely solves the problem because it
doesn't. It solves this one case and makes it harder to hang yourself,
but you can still hang yourself.
JE
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Jul 23 2000 - 21:00:16 EST