Re: disk-destroyer.c

From: Andre Hedrick (andre@linux-ide.org)
Date: Fri Jul 21 2000 - 13:08:20 EST


> > > Can disk-destroyer be pushed into a shellstack because it is so small?
> > >
> > Yes, it's true. It can be made even smaller, much smaller, than the
> > compiled size of the code. Although the limits on how much shellcode
> > you can send in a buffer overrun do vary, I expect this will almost
> > certainly fit in just about every buffer overrun I've seen.

Here is your SECURITY HOLE!

JOE-SIX-PACK-HACKER can fry your butt.

On Fri, 21 Jul 2000, Oliver Xymoron wrote:

> On Fri, 21 Jul 2000, Andre Hedrick wrote:
>
> > On Fri, 21 Jul 2000, Oliver Xymoron wrote:
> >
> > > No, of course not, but we also don't want to make large changes to the
> > > kernel to paper over a hole that we can't cement closed. Especially now.
> >
> > Here is your damn steel-plate-of-armor!
>
> You're missing the point. If root _wants_ to damage the drive, this patch
> won't stop him. He merely loads a module that duplicates the old code and
> away we go. If I mention it on Bugtraq, someone will probably post the
> source for such a module within a week. Fighting it is futile.
>
> This doesn't mean we shouldn't try to prevent people from doing it by
> accident, it just means the fix should be as simple and non-intrusive to
> the kernel as possible. If the fix is anything more than:
>
> if(NAUGHTY_IDE_COMMAND)
> {
>         printk("NAUGHTY__IDE_COMMAND attempted\n");
>         return -EBADUSER;
> }
>
> ..then it might not be worth fixing. I'd even be ok with:
>
> if(NAUGHTY_IDE_COMMAND) panic(); /* root tried to kill drive */
>
> ..as it keeps root from doing anything else bad.
>
> --
> "Love the dolphins," she advised him. "Write by W.A.S.T.E.."
>
>

Andre Hedrick
The Linux ATA/IDE guy
