Subject: Re: new kpi proposal, sysdisk(9)
To: Bill Studenmund <>
From: Thor Lancelot Simon <>
List: tech-security
Date: 12/30/2006 14:50:29
On Fri, Dec 29, 2006 at 10:15:25PM -0800, Bill Studenmund wrote:
> You did make that clear. However I don't understand why you want to limit 
> access to the whole disk.
> Either raw access to the partition is bounded to within the partition or I 
> don't understand something. If it's bounded, and the partition doesn't 
> overlap anything, I don't see what the harm is.

You can't know where on the disk the data structure that actually defines
the partition boundaries is kept, in an MI way.  There are a large number
of fairly subtle attacks that take advantage of this problem: for example,
changing the boundaries of two mounted filesystems so they overlap one
another, and tricking the kernel into corrupting one or the other of them
in a way that lets you increase privilege.

If you put your mind to it, I don't think you'll have trouble thinking of
other ways to exploit access to "some arbitrary part of the disk, so long
as it's not mounted now" to overwrite "what's mounted now".
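The two checks below are an added illustration of the point made in this reply; they are not NetBSD's sysdisk(9) code or anything from the proposal under discussion. The model is a small in-memory label: partitions are sector ranges with a "mounted" flag, the sector holding the label is passed in as a parameter (because, as the mail says, the MI layer has no fixed place to look for it), and the sample labels and sector numbers are constructed for the example. `write_hits_label` shows that a write bounded to a partition can still land on the label sector when the label lives inside that partition, and `label_change_allowed` is one illustrative policy for a label update: reject it if it moves or resizes any mounted partition, or makes any partition overlap a mounted one.

```c
/* Added example, not NetBSD code: modelling why "bounded to the partition"
 * is not enough when the partition table itself lives on the disk. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MAXPARTS 8

struct part {
    uint64_t start;   /* first absolute sector */
    uint64_t size;    /* sectors in the partition, 0 = unused slot */
    bool mounted;     /* a filesystem on it is mounted right now */
};

struct label {
    struct part p[MAXPARTS];
};

enum verdict { LABEL_OK = 0, LABEL_MOUNTED_CHANGED = 1, LABEL_OVERLAP = 2 };

/* Half-open ranges [as, as+asz) and [bs, bs+bsz) intersect? */
static bool ranges_overlap(uint64_t as, uint64_t asz, uint64_t bs, uint64_t bsz)
{
    if (asz == 0 || bsz == 0)
        return false;
    return as < bs + bsz && bs < as + asz;
}

/* A raw write of n sectors at partition-relative offset rel in partition
 * idx: does it touch the sector where the label is stored?  Writes that
 * run past the partition end are treated as already rejected (false). */
bool write_hits_label(const struct label *l, int idx, uint64_t rel,
                      uint64_t n, uint64_t labelsector)
{
    const struct part *pp = &l->p[idx];
    if (pp->size == 0 || rel + n > pp->size)
        return false;
    return ranges_overlap(pp->start + rel, n, labelsector, 1);
}

/* Illustrative policy for replacing label cur with proposed. */
enum verdict label_change_allowed(const struct label *cur,
                                  const struct label *proposed)
{
    int i, j;
    /* 1. mounted partitions must keep exactly their current bounds */
    for (i = 0; i < MAXPARTS; i++) {
        if (!cur->p[i].mounted)
            continue;
        if (proposed->p[i].start != cur->p[i].start ||
            proposed->p[i].size != cur->p[i].size)
            return LABEL_MOUNTED_CHANGED;
    }
    /* 2. no other partition in the new label may cover a mounted one */
    for (i = 0; i < MAXPARTS; i++) {
        if (!cur->p[i].mounted)
            continue;
        for (j = 0; j < MAXPARTS; j++) {
            if (j == i)
                continue;
            if (ranges_overlap(cur->p[i].start, cur->p[i].size,
                               proposed->p[j].start, proposed->p[j].size))
                return LABEL_OVERLAP;
        }
    }
    return LABEL_OK;
}

/* Constructed sample data (sector numbers are made up for the example). */
const struct label sample_cur = { .p = {
    { .start = 0,    .size = 1000, .mounted = true  },   /* a: root, holds label */
    { .start = 1000, .size = 1000, .mounted = true  },   /* b */
    { .start = 2000, .size = 1000, .mounted = false },   /* c: unmounted spare */
}};
/* moves mounted partition b: must be refused */
const struct label sample_move_mounted = { .p = {
    { .start = 0,    .size = 1000, .mounted = true  },
    { .start = 500,  .size = 1000, .mounted = true  },
    { .start = 2000, .size = 1000, .mounted = false },
}};
/* grows unmounted c backwards over mounted b: must be refused */
const struct label sample_overlap = { .p = {
    { .start = 0,    .size = 1000, .mounted = true  },
    { .start = 1000, .size = 1000, .mounted = true  },
    { .start = 1500, .size = 1500, .mounted = false },
}};
/* shrinks unmounted c only: harmless */
const struct label sample_shrink = { .p = {
    { .start = 0,    .size = 1000, .mounted = true  },
    { .start = 1000, .size = 1000, .mounted = true  },
    { .start = 2000, .size = 500,  .mounted = false },
}};

int main(void)
{
    const uint64_t labelsector = 1;   /* assumed location for the example */
    printf("write to a, rel 1, 1 sector hits label: %d\n",
           write_hits_label(&sample_cur, 0, 1, 1, labelsector));
    printf("move mounted: %d, overlap: %d, shrink: %d\n",
           label_change_allowed(&sample_cur, &sample_move_mounted),
           label_change_allowed(&sample_cur, &sample_overlap),
           label_change_allowed(&sample_cur, &sample_shrink));
    return 0;
}
```

The first check is the one the reply is really about: partition `a` is bounded to sectors 0 through 999, yet a write inside those bounds reaches the label sector, so bounding alone does not protect the table. The second check is what a kernel would have to enforce on label updates instead, and it only works because the kernel knows which partitions are mounted.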