Re: disk-destroyer.c

From: Dylan Griffiths (Dylan_G@bigfoot.com)
Date: Fri Jul 21 2000 - 17:18:20 EST


        A lot of people seem to be misunderstanding the issue, so I'm going to post
a summary.
        Andre Hedrick is a Linux Kernel developer who works on the IDE/ATAPI
stuff. He has found a problem in the code governing the ATAPI command set.
The problem is that *any* code seems to be blindly passed on by the kernel
without sanity checking. That is, anything handed to the kernel
programming interface for it is not checked to see if it is a valid ATAPI
command before being sent to devices.
        How is this a problem? Well, while a lot of people seem to think it's a
security issue ("Root is god and can bit bang all they want, or can kick the
machine!"), they fail to grasp the more important issue: any program with a
typo, a missed branch, etc., can go and turn your hard disk drive into a
paperweight. That's a bit more dangerous than volunteer sysadmins logging
in and trying to rm -rf /.
        A program interface in the kernel is not being sanity checked. Because of
this, if there is a failure in a program which does work on a drive (such as
fdisk, etc.), you can have a nice fail-dead situation, instead of an -EINVAL
return code.
        Program interfaces should be designed to work, or fail with a known error
code when given invalid data. Anything else is madness, and anyone who says
otherwise deserves to attempt to write Win32 API code.

-- 
    www.kuro5hin.org -- technology and culture, from the trenches.
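The check the post is asking for, written out as an added example. This is illustrative C and not the kernel's IDE driver, not disk-destroyer.c, and not the real HDIO ioctl format: the struct layout, the allowlist policy, the 512-byte sector assumption and the mock "device" are assumptions of the example, while the opcode and SMART subcommand values are the ATA specification's. The unchecked passthrough sits beside the hardened one so the difference the post describes (fail-dead versus -EINVAL) is visible in code.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical command block: four taskfile registers a raw ATA command
 * ioctl hands to the driver.  Field layout is an assumption for this
 * example, not the kernel's real ioctl argument format. */
struct ata_cmd {
    uint8_t command;  /* command register (opcode) */
    uint8_t feature;  /* features register (SMART subcommand, etc.) */
    uint8_t nsect;    /* sector count register */
    uint8_t lbal;     /* sector number / LBA low register */
};

enum xfer_dir { XFER_NONE = 0, XFER_IN = 1 };   /* IN: drive -> host */

/* Opcodes the passthrough will forward, with the data phase the driver must
 * prepare for.  Anything not listed is refused.  Opcode values are from the
 * ATA specification; which ones to allow is this example's policy. */
static const struct {
    uint8_t       opcode;
    enum xfer_dir dir;
    const char   *name;
} ata_allowed[] = {
    { 0xEC, XFER_IN,   "IDENTIFY DEVICE"  },
    { 0xE5, XFER_NONE, "CHECK POWER MODE" },
    { 0xE7, XFER_NONE, "FLUSH CACHE"      },
    { 0xB0, XFER_IN,   "SMART"            },  /* subcommand checked below */
};

/* Mock "device": records what actually reached the hardware so a caller
 * can prove that refused commands were never sent. */
static unsigned long ata_issued_count;
static uint8_t       ata_last_opcode;

static void ata_hw_send(const struct ata_cmd *c)
{
    ata_issued_count++;
    ata_last_opcode = c->command;
}

/* The shape of the problem: whatever the caller hands in goes to the drive.
 * A mistyped opcode or a wrong branch in the caller is executed, not rejected. */
int ata_issue_unchecked(const struct ata_cmd *c)
{
    ata_hw_send(c);
    return 0;
}

/* Validate the command block against the allowlist and the buffer the caller
 * supplied.  On success *xfer_bytes is the size of the data phase; on any
 * inconsistency return -EINVAL and touch nothing. */
int ata_cmd_validate(const struct ata_cmd *c, size_t buflen, size_t *xfer_bytes)
{
    size_t i;

    if (c == NULL || xfer_bytes == NULL)
        return -EINVAL;

    for (i = 0; i < sizeof ata_allowed / sizeof ata_allowed[0]; i++) {
        if (ata_allowed[i].opcode != c->command)
            continue;

        /* SMART multiplexes subcommands through the feature register; forward
         * only the read-only data-in ones: READ DATA (D0) and READ THRESHOLDS (D1). */
        if (c->command == 0xB0 && c->feature != 0xD0 && c->feature != 0xD1)
            return -EINVAL;

        if (ata_allowed[i].dir == XFER_NONE) {
            /* Non-data command: a non-zero sector count is a caller bug. */
            if (c->nsect != 0)
                return -EINVAL;
            *xfer_bytes = 0;
            return 0;
        }

        /* Data-in command: the caller's buffer must hold every sector the
         * drive will return (example convention: nsect sectors of 512 bytes),
         * otherwise the driver would overrun it. */
        if (c->nsect == 0 || buflen < (size_t)c->nsect * 512)
            return -EINVAL;
        *xfer_bytes = (size_t)c->nsect * 512;
        return 0;
    }
    return -EINVAL;   /* opcode not on the allowlist */
}

/* The hardened passthrough: fail with a known error code, never the drive. */
int ata_issue_checked(const struct ata_cmd *c, size_t buflen, size_t *xfer_bytes)
{
    int rc = ata_cmd_validate(c, buflen, xfer_bytes);
    if (rc)
        return rc;
    ata_hw_send(c);
    return 0;
}

unsigned long ata_issued(void) { return ata_issued_count; }
uint8_t       ata_last(void)   { return ata_last_opcode; }

int main(void)
{
    struct ata_cmd id    = { 0xEC, 0x00, 1, 0 };   /* IDENTIFY DEVICE, 1 sector */
    struct ata_cmd erase = { 0xF4, 0x00, 0, 0 };   /* SECURITY ERASE UNIT: not allowed */
    size_t n = 0;

    printf("identify: rc=%d xfer=%zu\n", ata_issue_checked(&id, 512, &n), n);
    printf("erase:    rc=%d (reached drive: %lu)\n",
           ata_issue_checked(&erase, 0, &n), ata_issued());
    return 0;
}
```

The point of the mock counter is that a refusal is only a refusal if the command never reaches the hardware; a validator that logs and then forwards anyway would not fix the failure mode the post describes. The allowlist is deliberately small: a passthrough that forwards everything except a denylist of known-destructive opcodes is the same bug with extra steps, because the next revision of the command set adds opcodes the list has never heard of.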




This archive was generated by hypermail 2b29 : Sun Jul 23 2000 - 21:00:16 EST