In <Pine.LNX.4.21.0007212017160.24936-100000@squeaker.ratbox.org> Aaron Sethman (androsyn@ratbox.org) wrote:
> On Sat, 22 Jul 2000, David Luyer wrote:
>> So what?
>>
>> It is _much_ easier to do "cat </dev/zero >/dev/sda"
>> and about as likely to be effective.
>>
>> David.
> But how often is a program with a bug in it likely to execute this
> command? Lets say some program has a buffer overflow somewhere and it
> ends up clobbering the section of memory that holds the bits for the
> ioctl. Suddenly your data is gone and your left clueless. My question is
> what functionality are you going to lose by have some sanity checking in
> the kernel? Yes I know you can fiddle with /dev/mem etc..but this is know
> where near as likely to be triggered by a buggy program now is it?
Probability to kill you HDD with OCCASIONAL buffer overflow (and not by
buffer overflow caused by attacker) is so low that is does not worth it.
And it does not help you to protect against cracker. Then why it's needed
at all ?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Jul 23 2000 - 21:00:18 EST