From owner-freebsd-hackers@FreeBSD.ORG Sun Apr 3 14:52:26 2005 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5855416A4CE; Sun, 3 Apr 2005 14:52:26 +0000 (GMT) Received: from marlena.vvi.at (marlena.vvi.at [208.252.225.59]) by mx1.FreeBSD.org (Postfix) with ESMTP id D453743D41; Sun, 3 Apr 2005 14:52:25 +0000 (GMT) (envelope-from www@marlena.vvi.at) Received: from marlena.vvi.at (localhost.marlena.vvi.at [127.0.0.1]) by marlena.vvi.at (8.12.10/8.12.9) with ESMTP id j33Eqhh3078326; Sun, 3 Apr 2005 07:52:44 -0700 (PDT) (envelope-from www@marlena.vvi.at) Received: (from www@localhost) by marlena.vvi.at (8.12.10/8.12.10/Submit) id j33EqbMG078325; Sun, 3 Apr 2005 07:52:37 -0700 (PDT) (envelope-from www) Date: Sun, 3 Apr 2005 07:52:37 -0700 (PDT) Message-Id: <200504031452.j33EqbMG078325@marlena.vvi.at> Content-Type: multipart/mixed; boundary="----------=_1112539957-78324-0" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.411 (Entity 5.404) From: "ALeine" To: sos@FreeBSD.org cc: freebsd-hackers@FreeBSD.org Subject: ATA security commands, bug in atacontrol X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 03 Apr 2005 14:52:26 -0000 This is a multi-part message in MIME format... ------------=_1112539957-78324-0 Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary Recent c't magazine article "At Your Disservice - How ATA security functions jeopardize your data", which you can find at the URL below, warns about the dangers of ATA security commands. Specifically, a malicious attacker with sufficient access could render a disk useless to the legitimate owner of the disk by setting the 32 byte user and master passwords using the ATA security command 0xf1. http://www.heise.de/ct/english/05/08/172/ To prevent such attacks in case of compromise one can issue the ATA security freeze lock command 0xf5, which disables further ATA security commands until the next cold boot. Software for issuing the ATA security freeze lock command has been made available at the URL below. http://www.heise.de/ct/ftp/projekte/atasecurity/ There is a patched version of the Linux hdparm utility there, but the c't guys seem to have neglected the BSD world, they have not even mentioned the fact that OpenBSD's atactl(8) already supports this command as well as all the other ATA security commands, as can be seen at the URL below. http://www.openbsd.org/cgi-bin/cvsweb/src/sbin/atactl/ Currently FreeBSD's atacontrol(8) has no support for ATA security commands, so I would like to know if adding the ATA security features is a priority on the TODO list. I would like to see these features implemented and I would also be willing to port the code from OpenBSD if there are some more experienced kernel developers who would be willing to review my code and commit it? Let me know. One more thing: while browsing through src/sbin/atacontrol.c I noticed a copy & paste bug in the RELENG_4 version where the SMART feature info is reported instead of the security feature info (by atacontrol cap). I attached the appropriate patch for this bug, please review it and commit the fix as appropriate. ALeine ___________________________________________________________________ WebMail FREE http://mail.austrosearch.net ------------=_1112539957-78324-0 Content-Type: text/plain; name="atacontrol.c.20050403.RELENG_4.patch" Content-Disposition: inline; filename="atacontrol.c.20050403.RELENG_4.patch" Content-Transfer-Encoding: 8bit --- src/sbin/atacontrol.c.old Sun Apr 3 14:41:32 2005 +++ src/sbin/atacontrol.c Sun Apr 3 14:41:50 2005 @@ -158,8 +158,8 @@ parm->enabled.microcode ? "yes" : "no"); printf("security %s %s\n", - parm->support.smart ? "yes" : "no", - parm->enabled.smart ? "yes" : "no"); + parm->support.security ? "yes" : "no", + parm->enabled.security ? "yes" : "no"); printf("power management %s %s\n", parm->support.power_mngt ? "yes" : "no", ------------=_1112539957-78324-0--