On Fri, 21 Jul 2000, Andre Hedrick wrote:
> On Fri, 21 Jul 2000, Oliver Xymoron wrote:
>
> > No, of course not, but we also don't want to make large changes to the
> > kernel to paper over a hole that we can't cement closed. Especially now.
>
> Here is you damn steel-plate-of-armor!
You're missing the point. If root _wants_ to damage the drive, this patch
won't stop him. He merely loads a module that duplicates the old code and
away we go. If I mention it on Bugtraq, someone will probably post the
source for such a module within a week. Fighting it is futile.
This doesn't mean we shouldn't try to prevent people from doing it by
accident, it just means the fix should be as simple and non-intrusive to
the kernel as possible. If the fix is anything more than:
if(NAUGHTY_IDE_COMMAND)
{
printk("NAUGHTY__IDE_COMMAND attempted\n");
return -EBADUSER;
}
..then it might not be worth fixing. I'd even be ok with:
if(NAUGHTY_IDE_COMMAND) panic(); /* root tried to kill drive */
..as it keeps root from doing anything else bad.
-- "Love the dolphins," she advised him. "Write by W.A.S.T.E.."- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Jul 23 2000 - 21:00:15 EST