Re: TO HELL WITH IT THEN......(re: disk-destroyer.c)

From: Horst von Brand (vonbrand@inf.utfsm.cl)
Date: Sat Jul 22 2000 - 08:08:41 EST


Andre Hedrick <andre@linux-ide.org> said:
[...]

> When it gets added, I will send you a patch to remove it so your computer
> can be screwed in user land. I think I have a CERT expert showing me that
> the size of disk-destroyer.c in compiled form is smaller than the
> shellcode stack. Therefore you push the stack, and if the PID you push
> into is running a root.root you are TOAST.

And if they get root and do a "dd if=/dev/zero of=/dev/hda" I'm toast
too. Disable dd(1), cp(1), echo(1), ... for that reason?

I'm assuming the relevant ioctls are protected by the standard
permissions, so (given sane permissions) only root can blow away the disk.
If a cracker gets root, I'm toast. If the ioctls are "protected" by the
kernel, they'll just do them the hard way. What's new there?

Sure, if the kernel does wrong stuff it has to be fixed. If the user does
idiotic stuff, it's his/her problem. Unix has always worked that way, and I
like it exactly for that general reason.

-- 
Dr. Horst H. von Brand                       mailto:vonbrand@inf.utfsm.cl
Departamento de Informatica                     Fono: +56 32 654431
Universidad Tecnica Federico Santa Maria              +56 32 654239
Casilla 110-V, Valparaiso, Chile                Fax:  +56 32 797513

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Sun Jul 23 2000 - 21:00:18 EST