On Fri, 21 Jul 2000, Andre Hedrick wrote:
> On Sat, 22 Jul 2000, Stephen Frost wrote:
>
> > If the security isn't perfect how about we *fix* them instead of
> > trying to fix the impossible. If the abuser has root it isn't going to
> > make any difference. Hell, the abuser could *reboot* the machine into
> > some stupid OS and set it up such that it blows away the disk. So much
> > for all of the crap we stuck in the linux kernel to not allow this. Now
> > we have a bunch of crap in the kernel that doesn't actually protect
> > anything. I thought the general idea was that excess crap in the kernel
> > was *bad*.
>
> OPEN up your mind and think that securing all sides of an issue is better
> than depending on one and only one.
The point is that protecting against damage done by root is foolish.
Attempting to protect the hardware from root is silly. If this patch has
other redeeming features, such as adding a proper return code for invalid
requests, then perhaps it should be applied. It shouldn't be put in if the
only point to it is to try and protect against root doing damage.
A question for you though: I get the impression these operations
that can destroy the disk were originally designed by the vendors as ways
to update the bios on the disk from software. Clearly this can be a useful
feature, much the same as updating the bios on a motherboard from software.
Would your patch break this ability, requireing people to reboot to DOS or
similar in order to upgrade the bios on their disks?
Stephen
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Jul 23 2000 - 21:00:17 EST