lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Mon, 29 Sep 2008 21:02:30 +0200
From: Florian Weimer <fw@...eb.enyo.de>
To: Theo de Raadt <deraadt@....openbsd.org>
Cc: Brett Lymn <blymn@...systems.com.au>,
	B 650 <dunc.on.usenet@...glemail.com>, bugtraq@...urityfocus.com
Subject: Re: Sun M-class hardware denial of service

* Theo de Raadt:

>> On the other hand, I generally prefer a "trust me, I know what I'm
>> doing" switch on the systems I deal with.  It's really frustrating if a
>> system tries to protect itself from me, and consequently fails to comply
>> with the actual requirements in this situation.
>
> As well, note that a power-off of the system is apparently not
> sufficient (or so I am led to understand).

Yes, obviously, otherwise you could run on hardware which has been
detected as faulty.

If my theory is correct, it would have been possible to avoid the
power-off by replacing the hardware in that domain.  You should be able
to clear the fault information in the affected FRUs off-line (which
probably requires some magic numbers, too), and mount them in a
different enclosure.

> That isn't just the system protecting you from yourself; that's a
> non-clearable fault causing multiple service calls.

Hey, after all, you are tampering business records related to your
support contract. 8-/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ