Re: disk-destroyer.c

• Next message: Stephen Frost: "Re: disk-destroyer.c"
• Previous message: bodnar42@bodnar42.dhs.org: "Re: TO HELL WITH IT THEN......(re: disk-destroyer.c)"
• Maybe in reply to: Andre Hedrick: "disk-destroyer.c"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Russell King (rmk@arm.linux.org.uk) writes:
> PLEASE DO NOT CC: ME - I DO NOT WANT TWO SETS OF THIS CRAP IN MY
> MAILBOX.

But you CC:'ed me first :-)

> I have read this entire thread so far, and I'm disgusted by the
> reaction I'm seeing. Is this the response of a forward thinking
> constructive development community, or a war zone where features
> that might improve stuff must be fought off at every corner? Sounds
> more like a certain commercial company that I want to avoid.

Mark Gray writes:
>> The thing is, Western Digital has activeX apps on their site which
>> will do low level Disk diagnostics, which means an activeX app can
>> also be written to do a low level format (poorly!) or rewrite the
>> firmware. If root can load a module or write to /dev/kmem there is
>> nothing to prevent him doing anything to the hardware he feels
>> like, driver or no driver. If someone gets root on a box then the
>> "admin" did not take proper precautions, which makes it even less
>> likely that he set capabilities to prevent a hostile root from
>> "having his way."
                                                                                                   
> Hey, can we stop having a go at Andre please?

Actually I was in fact trying to calm him down by explaining what
others were saying -- the only protection a Linux box has from root in
the end is properly configured capabilities. (It is strange how the
email and usenet mediums distort small technical disagreements into
flame fests -- room for a sociology PhD there I suspect.)

There is nothing a driver can do to stop root from having his way
without properly configured capabilities. Alan Cox has made the
correct suggestion: Use a capability to disable access to this ioctl.
"Policing" the ATA spec in this case is a totally userland problem --
atautils anyone?

But there is a great deal more to this then you seem to realize -- and
somehow unseen kernel politics are in play in the wild and wooly
fiefdom of ide. If you go back and read every article Andre has
written from when he first became "The IDE guy" and actually realize
that _he_ started the whole issue by complaining that everyone was
ignoring his "exploit" you will begin to see something has gone wrong
that has nothing at all do to with IDE problems. (If someone knows
him personally please try to help him.)

[snip]

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

• Next message: Stephen Frost: "Re: disk-destroyer.c"
• Previous message: bodnar42@bodnar42.dhs.org: "Re: TO HELL WITH IT THEN......(re: disk-destroyer.c)"
• Maybe in reply to: Andre Hedrick: "disk-destroyer.c"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Sun Jul 23 2000 - 21:00:17 EST