LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Survey: Linux kernel quality

Survey: Linux kernel quality

Posted Jul 10, 2006 18:26 UTC (Mon) by nix (subscriber, #2304)
In reply to: Survey: Linux kernel quality by Lovechild
Parent article: Survey: Linux kernel quality

No, it's that they don't trust hostile local non-root attackers not to send commands that vape other disks on the same bus (possibly *permanently* depending on what commands they send).

And neither should you.

(Log in to post comments)

Survey: Linux kernel quality

Posted Jul 11, 2006 3:58 UTC (Tue) by Lovechild (guest, #3592) [Link]

I think you misunderstood me, it's not that I'm annoyed they are keeping me safe. In fact one of the primary reasons I use Fedora, because they work to keep me safe.

Anyways, what I meant was that FC4 burned CDs for me (and about 20 other people who CC'ed on the bug), FC5 shipped without the ability and a solution was discussed, as I cannot burn CDs nor code the solution up, I offered up 100USD (I'm hoping others will pledge as well but even a little has to count) for an acceptable solution. This being the only longterm bug I've experienced in about 2 years, I'm very pleased with, and grateful for, the Linux kernel.

However I think functionality regressions are bad things in all but a few cases.

I hope it gets fixed shortly since it's preventing a personal deployment.

Survey: Linux kernel quality

Posted Jul 11, 2006 9:27 UTC (Tue) by nix (subscriber, #2304) [Link]

Hang on, you can't even burn CDs as root?

That's odd. I guess it's a bug :)

CD burning

Posted Jul 11, 2006 22:27 UTC (Tue) by dlang (✭ supporter ✭, #313) [Link]

as noted above, the vunerability was that anyone on the system could send commands to any drive to do anything to it (completely defeating security, along with potentially destroying the hardware)

the change was to eliminate this capability for non-root users (root is allowed to destroy your hardware :-)

the fix for non-root users is to set your burning software suid root. then it runs as root and is allowed to do whatever it wants.

what more are you looking for?

there has been talk about creating filters in the kernel that would allow burning specific commands but not allow other 'dangerous' commands, but nobody who is willing to talk knows what commands are nessasary (this is made even more difficult by the fact that some of the nessasary commands and the dangerous commands are, in fact, the same command with different parameters)

David Lang

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds