Date: Wed, 13 Aug 2003 09:48:12 +1200 From: Craig Carey <snowfall@gmx.co.uk> To: freebsd-fs@freebsd.org Cc: FreeBSD Security Officer <security-officer@freebsd.org> Subject: "security" prevents destruction of hard disks Message-ID: <5.2.0.9.2.20030813034319.022db700@pop.qsi.net.nz>
next in thread | raw e-mail | index | archive | help
The sysinstall installer is able to delete most of a hard disk. http://www.freebsd.org/cgi/query-pr.cgi?pr=i386/29375 [1 Aug 2001] "the disk editor used by /stand/sysinstall gets confused by slices that are not labelled in order and writes the partition table incorrectly." http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/47384 [22 Jan 2003] "Machine has two disks, ad0 (existing 5.0 system) and da0 (scratch disk). Selecting da0 as the target for 'partition' and then following that by the sequence 'label/distribution/commit' results in a wiped ad0." For bug i386/29375 [disordered primary partitions], the bug is outside of the "sysinstall" directory. The i386/29375 bug report does not mention data loss but I guess that is the bug that got a big fraction of one of my hard disks a few years ago. Now reasonably priced IDE hard disk is about 160GB in size. FreeBSD can delete the data on that. The OECD 1980 principles of the 'Guidelines on the Protection of Privacy and Transborder Flows of Personal Data' (Paris, 1980) rule out the loss of personal information in computers. Here is that principle quoted: >--------------------------------------------------------------------------- >| Security Safeguards Principle >| >| 5. Personal data should be protected by reasonable security safeguards >| against such risks as loss or unauthorised access, destruction, use, >| modification or disclosure of data. >--------------------------------------------------------------------------- ... >A copy of the OECD Guidelines is here: > >http://www.anu.edu.au/people/Roger.Clarke/DV/OECDPs.html >http://www.anu.edu.au/people/Roger.Clarke/DV/PaperOECD.html > (pages by Mr R. Clarke, Canberra) FreeBSD seems to be have a mailing list FreeBSD Security Advisories <security-advisories@freebsd.org> that is about attacks. The postmaster's (Mr Bresler's) attacks on the public got me unsubscribed in Aug 2002. I never rejoined. It was a list that was always indifferent to data loss. Has FreeBSD embraced a defective unacceptable definition of the idea of "security" ?. These attacks are basically undocumented and there are basically no numbers available. Because of such an onslaught of attacks against FreeBSD, seemingly all *@freebsd.org addresses were having some of their e-mail secretly black=-hole deleted in March and April 2002 but perhaps for senders having no IP number for a very-wrongly LHS truncated hostname. There seemed to be no way to get reasoning from the postmaster (Jon Bresler). The expected bounce messages did not exist. It was all justified as being due to security. It is probably hitting down those innocent ISP in accordance with the hopes of the FreeBSD 'security' officers. Security of computers (at least in Europe) also embraces this idea >Openness Principle > >6. There should be a general policy of openness about developments, > practices and policies with respect to personal data. Means should > be readily available of establishing the existence and nature of > personal data, and the main purposes of their use, as well as the > identity and usual residence of the data controller. Is this correct: legal quality top filesystem programmers must be careful to avoid using the word "security". H Stopping probs from users and i-nets from influencing or knowing. Big government agencies in a rush and hoping for a way to skip checking FreeBSD, would want to look at the version rewrite of security ideals of protecting the common person from the whole gamut of problems that computers present, with some of the hardest to correct being wrong decisions of security officials. C Carey Hitech controversially notes that the GPL allows high charges and withholding for their Gcc-based C compiler: http://gcc.gnu.org/ml/gcc/2003-08/msg00731.html 12 Aug 2003 A FreeBSD project that aims to get the BSD code redesigned: http://www.dragonflybsd.org/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5.2.0.9.2.20030813034319.022db700>