Re: TO HELL WITH IT THEN......(re: disk-destroyer.c)

From: Remco B. Brink (remco@solbors.no)
Date: Mon Jul 24 2000 - 10:12:16 EST


Shalon Wood <dstar@pele.cx> writes:

> "Khimenko Victor" <khim@sch57.msk.ru> writes:
>
> > No. It's true ONLY if you are using the "normal" TCP/IP interface. If you are
> > using "raw sockets" you can send ANY packets (even non-IP ones). That's the
> > point. HDIO_DRIVE_CMD gives you the same "raw I/O" ability. In both cases
> > you MUST be root to use it. So what's the difference? Why are we not adding
> > such sanity checks in the network stack? Since we know that a stupid IDE drive
> > can be hurt by a wrong packet and a smart network card can not? Then fix the stupid
> > IDE drive and make it smart as well.
>
> You are personally volunteering to pay for the replacement of all of
> the drives out there? My understanding of what Andre is saying is that
> almost all currently existing drives are vulnerable.
>
> That attitude might be acceptable if 20% of the drives were
> vulnerable, but if 90% are vulnerable, things change.
>
> And the danger isn't from hostile root. The danger is from root
> running software that's buggy and sends garbage to the disk. It's good
> to make it harder to deliberately trash the disk, but yeah, root can
> do it if root wants to.
>
> But root shouldn't be able to do it *accidentally*.

which of course poses the interesting question: how do we let the kernel decide
whether root is trashing the disk on purpose or accidentally? Any checks that would
be imposed can just as easily be bypassed because of the nature of the root user.

Remco Brink

-- 

Remco B. Brink SOL Børs - Keysersgate 2 - Oslo - Norway Web: http://www.solbors.no

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
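On the question of where a sanity check can live, as an added example that is not part of this thread and not code from the kernel or from disk-destroyer.c: the kernel cannot read root's intent, but a program that runs as root can refuse to hand HDIO_DRIVE_CMD anything except an allowlisted, read-only request, so a bug elsewhere in that program cannot push an arbitrary ATA opcode at the drive. The register layout (args[0] command, args[1] sector, args[2] feature, args[3] sector count, data returned from args[4] on) and the opcode values follow the kernel's hdio documentation and linux/hdreg.h; the allowlist policy, the function names and the buffer sizes are this example's own assumptions.

```c
/*
 * Added example, not code from the thread or the kernel: an allowlist wrapper
 * that a root-run program can put in front of HDIO_DRIVE_CMD so that a bug
 * elsewhere in the program cannot hand the drive an arbitrary ATA opcode.
 *
 * Register layout per Documentation/ioctl/hdio.txt:
 *   args[0] = command, args[1] = sector, args[2] = feature, args[3] = nsector,
 *   args[4..] receives nsector * 512 bytes of data on completion.
 * Opcode values match include/linux/hdreg.h. The policy (which commands are
 * "safe") is this example's assumption, not something the kernel enforces.
 */
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

#ifdef __linux__
#include <sys/ioctl.h>
#endif

#ifndef HDIO_DRIVE_CMD
#define HDIO_DRIVE_CMD 0x031f   /* value from linux/hdreg.h */
#endif

#define SECTOR_BYTES 512

/* ATA opcodes and SMART sub-commands, values as in linux/hdreg.h. */
enum { WIN_SMART = 0xB0, WIN_IDENTIFY = 0xEC };
enum { SMART_READ_VALUES = 0xD0, SMART_READ_THRESHOLDS = 0xD1, SMART_STATUS = 0xDA };

/*
 * Example policy (an assumption of this example): only read-only identify and
 * SMART queries, each with an exact feature byte and sector count.
 */
static const struct {
    uint8_t command;
    uint8_t feature;
    uint8_t nsector;
} allowed[] = {
    { WIN_IDENTIFY, 0,                     1 },
    { WIN_SMART,    SMART_READ_VALUES,     1 },
    { WIN_SMART,    SMART_READ_THRESHOLDS, 1 },
    { WIN_SMART,    SMART_STATUS,          0 },
};

/* 1 if the four register bytes describe an allowlisted request, else 0. */
int drive_cmd_allowed(uint8_t command, uint8_t sector, uint8_t feature, uint8_t nsector)
{
    size_t i;
    if (sector != 0)                /* none of the allowed requests address a sector */
        return 0;
    for (i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
        if (allowed[i].command == command && allowed[i].feature == feature &&
            allowed[i].nsector == nsector)
            return 1;
    return 0;
}

/* Buffer size the ioctl needs: 4 register bytes plus the data sectors. */
size_t drive_cmd_bufsize(uint8_t nsector)
{
    return 4 + (size_t)nsector * SECTOR_BYTES;
}

/*
 * Check args[0..3] against the policy and the buffer length, then issue the
 * ioctl. Returns 0 on success or -1 with errno set: EPERM when the request is
 * not allowlisted, EINVAL when the buffer is too short, otherwise ioctl's errno.
 */
int checked_drive_cmd(int fd, uint8_t *args, size_t len)
{
    if (len < 4) {
        errno = EINVAL;
        return -1;
    }
    if (!drive_cmd_allowed(args[0], args[1], args[2], args[3])) {
        errno = EPERM;              /* refused before the kernel ever sees it */
        return -1;
    }
    if (len < drive_cmd_bufsize(args[3])) {
        errno = EINVAL;
        return -1;
    }
#ifdef __linux__
    return ioctl(fd, HDIO_DRIVE_CMD, args);
#else
    (void)fd;
    errno = ENOSYS;                 /* HDIO_DRIVE_CMD is Linux-only */
    return -1;
#endif
}

/* Usage: ./a.out /dev/hda  (as root) -- prints the model string from IDENTIFY. */
int main(int argc, char **argv)
{
    uint8_t buf[4 + SECTOR_BYTES] = { WIN_IDENTIFY, 0, 0, 1 };
    uint8_t model[41] = { 0 };
    int fd, i;

    if (argc != 2) {
        fprintf(stderr, "usage: %s /dev/hdX\n", argv[0]);
        return 2;
    }
    fd = open(argv[1], O_RDONLY | O_NONBLOCK);
    if (fd < 0 || checked_drive_cmd(fd, buf, sizeof buf) < 0) {
        perror(argv[1]);
        return 1;
    }
    /* IDENTIFY words 27-46 hold the model string with the bytes of each word swapped. */
    for (i = 0; i < 40; i += 2) {
        model[i]     = buf[4 + 54 + i + 1];
        model[i + 1] = buf[4 + 54 + i];
    }
    printf("%s\n", model);
    close(fd);
    return 0;
}
```

The wrapper does not make the drive any smarter; it only narrows what one privileged program can send, which is exactly the accidental case the quoted reply worries about. A deliberate root can still open the device and call ioctl directly.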



This archive was generated by hypermail 2b29 : Mon Jul 31 2000 - 21:00:16 EST