Re: disk-destroyer.c

Rogier Wolff (R.E.Wolff@BitWizard.nl)
Thu, 20 Jul 2000 23:56:38 +0200 (MEST)

Andre Hedrick wrote:
> On Thu, 20 Jul 2000, Paul Jakma wrote:
>
> > On Wed, 19 Jul 2000, Andre Hedrick wrote:
> >
> > >
> > > Here is the rouge program that can be slipped into CRON.
> > > A perl script......you name the access point and it gets permission
> > > KISS your DATA GONE!
> > >
> >
> > it needs root right? so with this util root can trash the disk.. so what's
> > new?
>
> All you have to do is trick the kernel into thinking the access is root.

Whenever I trick the kernel to think that I'm Accessing something as
root, I have instant permanent Root-access. Wether I can write to ONE
disk block (which happens to contain the inode of the copy of /bin/sh
that I have prepared in my homedir) or I can change the "current->uid"
in main memory.

Whenever I trick the kernel into thinking I'm root for an instant,
that can be leveraged to "permanent root" and/or a wipe of the disk.

I hope that "sending raw packets to the disk" is a priviledged
operation, and not something that simply depends on the permissions on
the disk device?

Roger.

-- 
** R.E.Wolff@BitWizard.nl ** http://www.BitWizard.nl/ ** +31-15-2137555 **
*-- BitWizard writes Linux device drivers for any device you may have! --*
*       Common sense is the collection of                                *
******  prejudices acquired by age eighteen.   -- Albert Einstein ********


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/