Re: System reboot triggered by just reading a device file....!?

[Robert Hancock <hancockr@shaw.ca>]

devzero@web.de wrote:
> good evening, 
> 
> i stumbled over some funny issue when trying windirstat (like KDirStat) with wine.
> 
> after running that tool for a while my system rebooted. i could reproduce this with every run.
> 
> after some deep investigation (i thought i had stability issues with my system and spent more than an hour on this) i found out, that the reboot is being triggered by iTCO_wdt ( /dev/watchdog )
> 
> this is how to reproduce:
> 
> - be root
> -  cat /dev/watchdog or dd if=/dev/watchdog of=/dev/zero bs=1 count=1 or .....
> -  wait one minute........
> 
> *reboot*!
> 
> i have heard 2 opinions for now (contacted the author and also discussed on wine-devel ) that this should be expected behaviour.

Yes, it is. It's a watchdog device, it's meant to reboot the machine if 
whatever task is poking the watchdog dies.

> being sysadmin quite a while, i cannot believe that (accidentally) reading a device file (being root or not - what does that matter) triggers a system reboot.
> 
> ok - when i`m root , i shouldn`t do stupid things and be careful, but i thought reading/crawling trough a filesystem (r/o, btw.) with some tool which is built to do exactly this wasn`t so stupid - even from within wine.

I would say that running a Windows tool that opens up and reads random 
files, on the /dev directory tree, as root, probably does qualify as 
"stupid". I'd say running pretty much anything through Wine as root is 
not a good idea, a Windows app could hose the system without even 
meaning to through exactly such things.

> 
> think of an admin writing a quick&dirty script for intrusion detection (find / -exec md5sum {} \; >/tmp/need-no-tripwire) and forgetting to exclude /dev, /sys or /proc appropriately......
> think of someone exporting "/" via samba (readonly) and then navigating trough the /dev directory....
> 
> stupid?
> i don`t think so.....i have seen worse things...... :)
> 
> should someone get punished  by an accidental system reboot and should he need to spend his time on this to investigate why this happens?
> 
> i`d wish there would be some fence around this or iTCO_wdt /dev/watchdog not being active after a default desktop installation.

There is.. it's called "root privileges".

> 
> i`d be interested if i`m the only one who thinks this is strange/dangerous behaviour.
> 
> regards
> roland


-- 
Robert Hancock      Saskatoon, SK, Canada
To email, remove "nospam" from hancockr@nospamshaw.ca
Home Page: http://www.roberthancock.com/