See also: last week's Kernel page.

Kernel development

The current stable kernel release is still 2.2.16. No new 2.2.17 prepatches have come out in the last week - Alan was too busy drinking beer in Ottawa.

Alan Cox is pulling out of 2.4 work, at least for now. He apparently just does not have the time to put into it. He made that clear with his posting of the latest 2.4 status page - "Dont mail me updates, find someone else to maintain it."

This is a problem. Alan has been a crucial part of the release process for a long time. Somehow he has managed to keep on top of the vast majority of the issues out there. His ability to track problems and to understand what is really important is perhaps unparalleled. His absence is guaranteed to make it harder to put out a stable 2.4 in a short time period.

Linus has recognized this problem in his call for a new status list maintainer.

In short: it's important. And it's something that Alan did for both 2.0 and 2.2. Nobody can quite live up to "being Alan", but hey, if you don't like long beards you may be just as heppy knowing that.

Thankfully, a candidate has actually been crazy enough to step forward and volunteer for this job - it's Ted Ts'o. Ted is an accomplished kernel hacker, but he also has a balanced and calm approach to issues and commands a good deal of respect. This issue was still developing as this page was written, and it was not yet clear that Ted would end up performing this function. But it looks like a good resolution to the problem.

Turning disks to bricks with Linux. Andre Hedrick is the maintainer of the Linux IDE/ATA subsystem; as such, he works with a piece of code that is critical to the vast majority of Linux users. He also sits on the ATA standards committee, and understands well the ups and downs of how the protocol works.

He recently discovered a significant "down." It seems that there are certain ATA commands that can be sent to a drive which will cause it to destroy itself. Andre posted a thing he called disk-destroyer.c which will use an IDE command to trash the partition table on a disk, thus rendering all data inaccessible. Apparently, however, there are other variants possible which will cause the drive to wipe out its firmware, thus turning it into a true brick.

Now, a Linux system is not normally programmed to do such things. But a malicious user program using the ioctl system call is able to bring about this sort of result. Andre saw this as a serious problem, and responded with a major patch to the IDE subsystem; essentially he put in a protocol verification layer which filters out everything that doesn't look like a proper command.

The response to the patch was largely negative. Quite a few objections were raised, including:

• Sometime soon, one hopes, the 2.4.0 kernel will be released. Now is not the time to destabilize things with a major rewrite of a crucial kernel subsystem.

• Since only root can execute the offending code, there is not a security problem here. The disk destruction code can only be run if the system is already compromised - and a root user has many other ways of destroying data. Filtering dangerous commands in the IDE driver does not even really prevent them from being issued. A truly malicious user can load a new driver, or even shove commands out the ports directly from user space.

• The root account should be able to do anything - including destroy hardware. Putting restrictions on what root can do is a step toward the "dumbing down" of Linux.

Let's take a hypothetial example (you judge on just _how_ hypothetical it actually is): imagine that you have a drive that can be made to refuse to read certain removable media based on where the drive was purchased. Imagine that this was actually done in firmware, and that there was a way of overriding it. Imagine further that you moved, and you wanted to make the drive read certain removable media in the new location, using undocumented commands..

Should the kernel block those commands because it doesn't know what they do?

Given that the example is in no way hypothetical, this is a point that should be kept in mind.

Andre did not, shall we say, take this rejection well. The exchange was long and heated, and is not worth reproducing here. While it is a stretch to say that a consensus was reached, most people seem to have concluded that the drive manufacturers have erred by implementing destructive commands with no sort of protection (a physical jumper, cryptographic verification or both). Andre has now sent a proposed standard change to address the issue. The problem is now back in the court of the drive manufacturers.

But then, according to Andre's alleged final post on the issue the standards committee is not particularly concerned by the problem. It may take a "disk2brick" virus to get their attention.

A new Linux NFS FAQ is up on nfs.sourceforge.net. It covers a number of issues regarding the current status of Linux NFS. Ironically, it was unavailable for a while due to, well, NFS problems on SourceForge...

Other patches and updates released this week include:

• Modutils 2.3.13 was released by Keith Owens.

• The Linux Kernel Source Reference has been announced by Thomas Graichen. It is an interface to a CVS server containing the kernel source, and can be used to look at the code and investigate changes between releases.

• Bartlomiej Zolnierkiewicz has released IDE-Info 0.0.4.

• Robert de Vries has posted a new version of his POSIX timer patch.

• CML2 0.7.4, the new kernel configuration and build system, was released by Eric Raymond.

• Ulrich Windl has updated his PPSkit (nanosecond timers) patch.

• Mike Phillips has released a driver for the 3Com 3C359 Token Ring PCI Velocity XL adapter.

• Claus-Justus Heine, who claimed he was done with FTape patches, has released ftape 4.04. It was quickly followed by ftape 4.04a, which fixes a problem that turned up.

Section Editor: Jonathan Corbet

For other kernel news, see: Kernel traffic Kernel Newsflash Kernel Trap 2.5 Status

Other resources: L-K mailing list FAQ Linux-MM Linux Scalability Effort Kernel Newbies Linux Device Drivers

Next: Distributions