dragoran <dragoran(a)feuerpokemon.de> writes:
how could this lets a user become root?
Compromising firmware of one device on IDE bus = at least
compromising both master and slave.
did one of this ever happend before 2.6.8.1 ?
become root -> I am sure that this never happend (using a scsi command)
How about some proof? Security is not about "being sure".
2 one possible but in that case we should block the commands that
can
damage the drive simply blocking almost all commands is no solution....
How do you know which commands are dangerous? There is no standard
for that. Chances are the standard commands are safe but nothing
more.
--
Krzysztof Halasa