| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 22 Nov 2007 20:54:42 +0100 From: devzero@....de To: Simon Arlott <simon@...e.lp0.eu> Cc: Robert Hancock <hancockr@...w.ca>, linux-kernel@...r.kernel.org Subject: Re: System reboot triggered by just reading a device file....!? since i have gotten more or less similar answers from here, i have talked to some more people privately. the result is interesting: if the person i talked to was some sysadmin or related to that (i.e. some person running servers), his opinion was very similar to mine. if the person was a developer, he didn`t really understand why i have a problem with that. "be careful if you are root" was what i got. one of the admins gave a good statement, which i liked very much and want to share: "even if you are root: it`s unix philosophy, that reading is harmless!" i never thought about that, but i think that`s exactly the point and that`s why i`m feeling uncomfortable with that. anyway - it cost me some time to find a bug which was none and the only mistake i did was using a tool for which i was sure did nothing more than reading. so why should i care that i was root ? need to change my own philosophy now, because i learned that reading isn`t harmless. ;) regards roland > -----Ursprüngliche Nachricht----- > Von: "Simon Arlott" <simon@...e.lp0.eu> > Gesendet: 21.11.07 13:30:05 > An: devzero@....de > CC: "Robert Hancock" <hancockr@...w.ca>, linux-kernel@...r.kernel.org > Betreff: Re: System reboot triggered by just reading a device file....!? > > On Wed, November 21, 2007 00:01, devzero@....de wrote: > >>There is.. it's called "root privileges". > > yes, true. > > > > but - regardless of being a windows app or not - what if you want to take a look on your system as a whole, > > especially when using some tool which graphically shows how and where your diskspace is being used? if i > > let this run from ordinary useraccount it would get lot`s of "permission denied" and then it`s only telling > > half of the truth..... > > Such a tool shouldn't need to open any files, whether they're device files or not. Do you expect it to open > /dev/zero etc. too and read from an infinitely sized "file"? > > >> > i`d wish there would be some fence around this or iTCO_wdt /dev/watchdog not being active after a > >> default desktop installation. > > Delete it? > > -- > Simon Arlott > ______________________________________________________________________________ Jetzt neu! Im riesigen WEB.DE Club SmartDrive Dateien freigeben und mit Freunden teilen! http://www.freemail.web.de/club/smartdrive_ttc.htm/?mc=021134 - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists