On Fri, 21 Jul 2000, Stephen Frost wrote:
> And yet you would need to be root to do this, and I would suspect
> it *much* more likely a clueless root user would cat junk to /dev/sda than
> a program run as root which uses ioctl's would clobber it's own memory
> space and nuke the disk. Probably alot more likely any such program would
> segfault before doing much actually.
Stephen,
Assume a security exploit of you /bin/bash.
The publish ATA and SCSI program codes have been defined small enough to
push into a shellstack "memory push" buy a clever non-root user.
NO-ROOT involved here 'users.users'
Is this clear enough.
Now if you want to bet you butt on your security protocols are perfect,
GO-AWAY! Stop pumping garbage into a serious issue.
Andre Hedrick
The Linux ATA/IDE guy
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Jul 23 2000 - 21:00:17 EST