Andre Hedrick said once upon a time (Fri, 21 Jul 2000):
>
> If you try to pass raw taskfile command to the drive and you have no clue.
> The hardware will BUCK 99% of the time.
>
> Using the kernel IOCTL, it BUCKS 5% of the time and the damage is done.
> Baically, you want me to continue helping you destroy your hardware.
> I will not be a part of that!
Andre, your filter patch takes care of using the kernel IOCTLs from frying
the drive right? Does it/can it do anything about passing raw malicious
taskfile command to a drive?
Correct me if I'm wrong, but there isn't any way to stop ONE smart
malicious cracker from creating a script to send the raw malicious
taskfile command, and posting it to BUGTRAQ. Then all the script-kiddies
can hack root on upatched/insecure boxes and run the script to fry the
drives at will.
The script-kiddies don't have to derive the bad taskfile command once ONE
person does it for them, right?
Seems like the vendors have chosen the wrong side of the "security vs
convenience" trade-off yet again.
Dax
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Jul 23 2000 - 21:00:19 EST