Re: disk-destroyer.c

From: Karen Shaeffer (shaeffer@best.com)
Date: Fri Jul 21 2000 - 19:29:00 EST

Next message: Mike A. Harris: "Re: scsi-destroyer.c to come..."
Previous message: Aaron Sethman: "Re: scsi-destroyer.c to come..."
In reply to: Dylan Griffiths: "Re: disk-destroyer.c"
Next in thread: Andre Hedrick: "Re: disk-destroyer.c"
Reply: Andre Hedrick: "Re: disk-destroyer.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Jul 21, 2000 at 04:18:20PM -0600, Dylan Griffiths wrote:
> A lot of people seem to be misunderstanding the issue, so I'm going to post
> a summary.
> Andre Hendrik is a Linux Kernel developer who works on the IDE/ATAPI
> stuff. He has found a problem in the code governing the ATAPI command set.
> The problem is that *any* code seems to be blindly passed on by the kernel
> without sanity checking. That is, any thing handed to the kernel
> programming interface for it is not checked to see if it is a valid ATAPI
> command before being sent to devices.
> How is this a problem? Well, while a lot of people seem to think it's a
> security issue ("Root is god and can bit bang all they want, or can kick the
> machine!"), they fail to grasp the more important issue: any program with a
> typo, a missed branch, etc, can go and turn your hard disk drive into a
> paperweight. That's a bit more dangerous than volunteer sysadmins logging
> in and trying to rm -rf /.
> A program interface in the kernel is not being sanity checked. Because of
> this, if there is a failure in a program which does work on a drive (such as
> fdisk, etc), you can have a nice fail-dead situation, instead of an -EINVAL
> return code.
> Program interfaces should be designed to work, or fail with a known error
> code when given invalid data. Anything else is madness, and anyone who says
> otherwise deserves to attempt to write Win32 API code.
> --
> www.kuro5hin.org -- technology and culture, from the trenches.

Thank you for the nice summary. And, certainly the patch should be applied.

But you have described defective hardware. And despite the patch, it is still
possible for a malicious root to exploit this defective hardware. So, this
is ultimately a hardware manufacturer issue. A list of boards with the defective
disk controller chip should be released to the public, so consumers can be
aware of the problem and *NOT* purchase these controllers in the future.

-- Karen Shaeffer Neuralscape; Santa Cruz, Ca. 95060 shaeffer@neuralscape.com http://www.neuralscape.com

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Mike A. Harris: "Re: scsi-destroyer.c to come..."
Previous message: Aaron Sethman: "Re: scsi-destroyer.c to come..."
In reply to: Dylan Griffiths: "Re: disk-destroyer.c"
Next in thread: Andre Hedrick: "Re: disk-destroyer.c"
Reply: Andre Hedrick: "Re: disk-destroyer.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Sun Jul 23 2000 - 21:00:17 EST