public inbox for linux-kernel@vger.kernel.org
* Re: System reboot triggered by just reading a device file....!?
@ 2007-11-22 19:54 devzero
  2007-11-22 20:42 ` Clemens Koller
  0 siblings, 1 reply; 8+ messages in thread
From: devzero @ 2007-11-22 19:54 UTC
  To: Simon Arlott; +Cc: Robert Hancock, linux-kernel

since i have gotten more or less similar answers from here, i have talked to some more people privately.

the result is interesting:
if the person i talked to was some sysadmin or related to that (i.e. some person running servers), his opinion was very similar to mine.
if the person was a developer, he didn`t really understand why i have a problem with that. "be careful if you are root" was what i got.


one of the admins gave a good statement, which i liked very much and want to share:

"even if you are root: it`s unix philosophy, that reading is harmless!"

i never thought about that, but i think that`s exactly the point and that`s why i`m feeling uncomfortable with that.

anyway - it cost me some time to find a bug which was none, and the only mistake i made was using a tool which i was sure did nothing more than reading. so why should i care that i was root?

need to change my own philosophy now, because i learned that reading isn`t harmless.   ;)

regards
roland




> -----Original Message-----
> From: "Simon Arlott" <simon@fire.lp0.eu>
> Sent: 21.11.07 13:30:05
> To: devzero@web.de
> CC: "Robert Hancock" <hancockr@shaw.ca>, linux-kernel@vger.kernel.org
> Subject: Re: System reboot triggered by just reading a device file....!?


> 
> On Wed, November 21, 2007 00:01, devzero@web.de wrote:
> >>There is.. it's called "root privileges".
> > yes, true.
> >
> > but - regardless of being a windows app or not - what if you want to take a look on your system as a whole,
> > especially when using some tool which graphically shows how and where your diskspace is being used?  if i
> > let this run from ordinary useraccount it would get lots of "permission denied"  and then it`s only telling
> > half of the truth.....
> 
> Such a tool shouldn't need to open any files, whether they're device files or not. Do you expect it to open
> /dev/zero etc. too and read from an infinitely sized "file"?
> 
> >> > i`d wish there would be some fence around this or iTCO_wdt /dev/watchdog not being active after a default desktop installation.
> 
> Delete it?
> 
> -- 
> Simon Arlott
> 


* Re: System reboot triggered by just reading a device file....!?
@ 2007-11-22 21:22 devzero
  0 siblings, 0 replies; 8+ messages in thread
From: devzero @ 2007-11-22 21:22 UTC
  To: Clemens Koller; +Cc: Robert Hancock, linux-kernel, Simon Arlott

Hi Clemens, 

thanks, but i know i could do this.

this thread is not meant to protect myself from this curiosity but it is meant to protect others.
it`s a trap. 
i stepped into that.
now i know that trap, so i can easily sidestep.

but most people using linux don`t know about the watchdog, so i don`t think they will know about this trap. 
you can`t make that become common knowledge.

and we can`t expect that they will find out _what`s_ the trap at all, if they step into.
having this behaviour documented is like putting a sign "don`t step into this" at the back of the trap 

so why shouldn`t we help them avoiding it ?

it may be very seldom that someone steps into this.
but it may happen and then someone will have trouble and spend time on this.
i think every admin can tell you about weird random reboots of his systems for which he cannot explain the reason.
this may be one of those reasons and this one could be avoided.
i`m thinking of something simple like echo "now you`re armed" > /dev/watchdog

regards
roland


> -----Original Message-----
> From: "Clemens Koller" <clemens.koller@anagramm.de>
> Sent: 22.11.07 21:43:15
> To: devzero@web.de
> CC: Simon Arlott <simon@fire.lp0.eu>, Robert Hancock <hancockr@shaw.ca>,  linux-kernel@vger.kernel.org
> Subject: Re: System reboot triggered by just reading a device file....!?


> 
> devzero@web.de wrote:
> 
>  > [was: reading /dev/watchdog triggers reboot as intended]
>  > need to change my own philosophy now, because i learned that reading isn`t harmless.   ;)
> 
> If you want to protect you from your curiosity (or from reading anything),
> you could just disable the watchdog in the kernel.
> See: Device Drivers -> Character devices -> Watchdog Timer Support -> ...
> 
> Regards,
> -- 
> Clemens Koller
> __________________________________
> R&D Imaging Devices
> Anagramm GmbH
> Rupert-Mayer-Straße 45/1
> Linhof Werksgelände
> D-81379 München
> Tel.089-741518-50
> Fax 089-741518-19
> http://www.anagramm-technology.com
> 


* Re: System reboot triggered by just reading a device file....!?
@ 2007-11-21  0:01 devzero
  2007-11-21 12:29 ` Simon Arlott
  0 siblings, 1 reply; 8+ messages in thread
From: devzero @ 2007-11-21  0:01 UTC
  To: Robert Hancock; +Cc: linux-kernel

>There is.. it's called "root privileges".
yes, true.

but - regardless of being a windows app or not - what if you want to take a look on your system as a whole, especially when using some tool which graphically shows how and where your diskspace is being used?  if i let this run from ordinary useraccount it would get lots of "permission denied"  and then it`s only telling half of the truth.....

>I'd say running pretty much anything through Wine as root is 
> not a good idea, a Windows app could hose the system without even 
> meaning to through exactly such things.
yes, true indeed. but maybe wine has an option to sandbox the windows app to do only r/o access.  if that feature doesn`t exist, (set r/o flag to dosdevices) maybe it would be a useful add-on.
but that`s OT here....


> -----Original Message-----
> From: "Robert Hancock" <hancockr@shaw.ca>
> Sent: 21.11.07 00:35:23
> To: devzero@web.de
> CC: linux-kernel@vger.kernel.org
> Subject: Re: System reboot triggered by just reading a device file....!?


> 
> devzero@web.de wrote:
> > good evening, 
> > 
> > i stumbled over some funny issue when trying windirstat (like KDirStat) with wine.
> > 
> > after running that tool for a while my system rebooted. i could reproduce this with every run.
> > 
> > after some deep investigation (i thought i had stability issues with my system and spent more than an hour on this) i found out, that the reboot is being triggered by iTCO_wdt ( /dev/watchdog )
> > 
> > this is how to reproduce:
> > 
> > - be root
> > -  cat /dev/watchdog or dd if=/dev/watchdog of=/dev/zero bs=1 count=1 or .....
> > -  wait one minute........
> > 
> > *reboot*!
> > 
> > i have heard 2 opinions for now (contacted the author and also discussed on wine-devel ) that this should be expected behaviour.
> 
> Yes, it is. It's a watchdog device, it's meant to reboot the machine if 
> whatever task is poking the watchdog dies.
> 
> > being sysadmin quite a while, i cannot believe that (accidentally) reading a device file (being root or not - what does that matter) triggers a system reboot.
> > 
> > ok - when i`m root , i shouldn`t do stupid things and be careful, but i thought reading/crawling through a filesystem (r/o, btw.) with some tool which is built to do exactly this wasn`t so stupid - even from within wine.
> 
> I would say that running a Windows tool that opens up and reads random 
> files, on the /dev directory tree, as root, probably does qualify as 
> "stupid". I'd say running pretty much anything through Wine as root is 
> not a good idea, a Windows app could hose the system without even 
> meaning to through exactly such things.
> 
> > 
> > think of an admin writing a quick&dirty script for intrusion detection (find / -exec md5sum {} \; >/tmp/need-no-tripwire) and forgetting to exclude /dev, /sys or /proc appropriately......
> > think of someone exporting "/" via samba (readonly) and then navigating through the /dev directory....
> > 
> > stupid?
> > i don`t think so.....i have seen worse things...... :)
> > 
> > should someone get punished  by an accidental system reboot and should he need to spend his time on this to investigate why this happens?
> > 
> > i`d wish there would be some fence around this or iTCO_wdt /dev/watchdog not being active after a default desktop installation.
> 
> There is.. it's called "root privileges".
> 
> > 
> > i`d be interested if i`m the only one who thinks this is strange/dangerous behaviour.
> > 
> > regards
> > roland
> 
> 
> -- 
> Robert Hancock      Saskatoon, SK, Canada
> To email, remove "nospam" from hancockr@nospamshaw.ca
> Home Page: http://www.roberthancock.com/
> 
> 


[parent not found: <fa.NKMd2cOUI5zSAFh0xiVy3hZdy3s@ifi.uio.no>]
* System reboot triggered by just reading a device file....!?
@ 2007-11-20 23:06 devzero
  2007-11-20 23:51 ` Matt Mackall
  0 siblings, 1 reply; 8+ messages in thread
From: devzero @ 2007-11-20 23:06 UTC
  To: linux-kernel

good evening, 

i stumbled over some funny issue when trying windirstat (like KDirStat) with wine.

after running that tool for a while my system rebooted. i could reproduce this with every run.

after some deep investigation (i thought i had stability issues with my system and spent more than an hour on this) i found out, that the reboot is being triggered by iTCO_wdt ( /dev/watchdog )

this is how to reproduce:

- be root
-  cat /dev/watchdog or dd if=/dev/watchdog of=/dev/zero bs=1 count=1 or .....
-  wait one minute........

*reboot*!

i have heard 2 opinions for now (contacted the author and also discussed on wine-devel ) that this should be expected behaviour.

being sysadmin quite a while, i cannot believe that (accidentally) reading a device file (being root or not - what does that matter) triggers a system reboot.

ok - when i`m root , i shouldn`t do stupid things and be careful, but i thought reading/crawling through a filesystem (r/o, btw.) with some tool which is built to do exactly this wasn`t so stupid - even from within wine.

think of an admin writing a quick&dirty script for intrusion detection (find / -exec md5sum {} \; >/tmp/need-no-tripwire) and forgetting to exclude /dev, /sys or /proc appropriately......
think of someone exporting "/" via samba (readonly) and then navigating through the /dev directory....

stupid?
i don`t think so.....i have seen worse things...... :)

should someone get punished  by an accidental system reboot and should he need to spend his time on this to investigate why this happens?

i`d wish there would be some fence around this or iTCO_wdt /dev/watchdog not being active after a default desktop installation.

i`d be interested if i`m the only one who thinks this is strange/dangerous behaviour.

regards
roland
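
An integrity sweep like the `find / -exec md5sum` one mentioned in the message above, written so that it never opens a device node, FIFO or socket. This is an added example, not part of the original mail; the function names are hypothetical and sha256sum is swapped in for md5sum.

```shell
#!/bin/sh
# Added example (not from the thread): integrity sweep that never opens special files.

# Print "<sha256>  <path>" for every regular file below ROOT.
hash_regular_files() {
    root=$1
    # -xdev    : do not descend into other mounted filesystems (/proc, /sys, a
    #            separately mounted /dev), so their pseudo-files are never read
    # -type f  : regular files only; character/block devices such as
    #            /dev/watchdog, FIFOs and sockets are matched by type, not opened
    # find's default (-P) does not follow symlinks, so a link pointing at a
    # device node is reported as type l and skipped as well
    find "$root" -xdev -type f -exec sha256sum {} + | sort -k 2
}

# List what the sweep deliberately left untouched, for the audit trail.
list_skipped_special() {
    root=$1
    find "$root" -xdev \( -type c -o -type b -o -type p -o -type s \) -print | sort
}

# Stand-alone use: ./sweep.sh /some/tree  (hashes to stdout, skipped list to stderr)
if [ "$#" -gt 0 ]; then
    hash_regular_files "$1"
    list_skipped_special "$1" | sed 's/^/skipped (special file): /' >&2
fi
```

The type test is what keeps the sweep away from /dev/watchdog even when /dev lives on the root filesystem; `-xdev` alone would not.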



end of thread, other threads:[~2007-11-22 21:22 UTC | newest]

Thread overview: 8+ messages
2007-11-22 19:54 System reboot triggered by just reading a device file....!? devzero
2007-11-22 20:42 ` Clemens Koller
  -- strict thread matches above, loose matches on Subject: below --
2007-11-22 21:22 devzero
2007-11-21  0:01 devzero
2007-11-21 12:29 ` Simon Arlott
     [not found] <fa.NKMd2cOUI5zSAFh0xiVy3hZdy3s@ifi.uio.no>
2007-11-20 23:34 ` Robert Hancock
2007-11-20 23:06 devzero
2007-11-20 23:51 ` Matt Mackall
