Re: ANNOUNCE: /dev/bios - flash rom bios driver

Stefan Reinauer (stepan@wesley.informatik.uni-freiburg.de)
Wed, 11 Feb 1998 15:44:09 +0100 (CET)


> According to Dr. Werner Fink:
> > > With this driver it's possible to do things like
> > > dd if=/bios.bin of=/dev/bios bs=128k count=1
> >
> > What's about mistakes? This interface is very easy and
> > therefore it _is_ very dangerous, isn't it?
>
> I agree. Perhaps the device should require that writing take place
> at an offset greater than zero ("dd oskip=1k"?), and attempts to
> write at offset zero should result in an immediate EINVAL or some
> such error?

I don't like that idea very much as it wouldn't map the hardware to a
simple logical model. IMHO that is exactly what a hardware driver should
do. Imagine such stuff would be done with the SCSI drivers. Ok, it is much
more dangerous for the hardware to do a cat /dev/zero >/dev/bios than
cat /dev/zero >/dev/sda, but in both cases the system is a) unusable and
needs reinstall/repair and b) can be quite easily repaired.
If this interface is made more complicated than it has to be we should
find other ways to do that:
a) only using /dev/bios as a module and don't place it in /lib/modules
b) not including it in /etc/conf.modules
c) having to load with i.e. insmod bios.o writeable=yes or sth like
that
d) having to use an ioctl to make it writeable before writing to the
flash chip

Right now writing is always only possible for the superuser, no matter how
the permissions of /dev/bios are.

Why exactly would you want to make it more complicated to use the driver
than it has to be? One argument for using Linux is at least for me that
everything has a clear structure and things are kept as simple as
possible.
If you have a machine on the net and someone breaks in, it doesn't matter
whether you have a complicated driver or not - or no driver at all.
If such a guy wants to destroy your system, he doesn't even need a driver
at all to destroy the machine.

I don't think that someone accidentally does something like
cat /bin/ls > /dev/bios

Taking away a driver's universal usability for "system security" or
whatever is IMHO not the way we should go.

Best regards,
Stefan.

--
.signature: no such file or directory.
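
Options (c) and (d) in the message above, combined with the superuser-only rule it mentions, amount to a two-step write gate. The following user-space C model is an added example, not code from the /dev/bios driver or from the author; the struct, function names, ioctl numbers and error codes are assumptions chosen for illustration.

```c
/* User-space model of options (c) and (d); all names are hypothetical. */
#include <errno.h>
#include <string.h>   /* memset, memcpy, size_t */
#define FLASH_SIZE      ((size_t)128 * 1024) /* bs=128k from the thread */
#define BIOS_IOC_UNLOCK 1                    /* hypothetical ioctl commands */
#define BIOS_IOC_LOCK   2
struct bios_dev {
    int writeable;      /* option (c): fixed when the module is loaded */
    int unlocked;       /* option (d): toggled at run time by ioctl */
    int superuser;      /* caller privilege, checked on every call */
    unsigned char flash[FLASH_SIZE];
};

void bios_init(struct bios_dev *d, int writeable, int superuser)
{
    memset(d->flash, 0xff, sizeof d->flash);  /* erased flash reads 0xff */
    d->writeable = writeable;
    d->superuser = superuser;
    d->unlocked = 0;                          /* always start locked */
}

int bios_ioctl(struct bios_dev *d, int cmd)
{
    if (!d->superuser) return -EPERM;
    if (cmd == BIOS_IOC_LOCK) { d->unlocked = 0; return 0; }
    if (cmd != BIOS_IOC_UNLOCK) return -ENOTTY;
    if (!d->writeable) return -EROFS;         /* loaded without writeable=yes */
    d->unlocked = 1;
    return 0;
}

long bios_write(struct bios_dev *d, const void *buf, size_t len, size_t off)
{
    if (!d->superuser) return -EPERM;
    if (!d->writeable || !d->unlocked) return -EROFS;  /* both gates needed */
    if (off > FLASH_SIZE || len > FLASH_SIZE - off) return -EINVAL;
    memcpy(d->flash + off, buf, len);
    return (long)len;
}

int main(void)
{
    static struct bios_dev d;                 /* static: keep 128k off the stack */
    const unsigned char img[4] = { 0x55, 0xaa, 0x00, 0x01 }; /* constructed */
    bios_init(&d, 1, 1);
    if (bios_write(&d, img, sizeof img, 0) != -EROFS) return 1; /* still locked */
    if (bios_ioctl(&d, BIOS_IOC_UNLOCK) != 0) return 1;
    return bios_write(&d, img, sizeof img, 0) == 4 ? 0 : 1;
}
```

In this model a stray redirect into the device fails with EROFS until the unlock step has run, while the read/write interface itself stays a plain byte array at offset zero.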
