ATA security commands, bug in atacontrol

ALeine aleine at austrosearch.net
Sun Apr 3 07:52:26 PDT 2005


A recent c't magazine article, "At Your Disservice - How ATA security functions
jeopardize your data", which you can find at the URL below, warns about the
dangers of ATA security commands. Specifically, a malicious attacker with
sufficient access could render a disk useless to the legitimate owner of
the disk by setting the 32-byte user and master passwords using the ATA
security command 0xf1.

http://www.heise.de/ct/english/05/08/172/

To prevent such attacks in case of compromise one can issue the ATA security
freeze lock command 0xf5, which disables further ATA security commands until
the next cold boot. Software for issuing the ATA security freeze lock command
has been made available at the URL below.

http://www.heise.de/ct/ftp/projekte/atasecurity/

There is a patched version of the Linux hdparm utility there, but the c't
guys seem to have neglected the BSD world; they have not even mentioned the
fact that OpenBSD's atactl(8) already supports this command as well as all
the other ATA security commands, as can be seen at the URL below.

http://www.openbsd.org/cgi-bin/cvsweb/src/sbin/atactl/

Currently FreeBSD's atacontrol(8) has no support for ATA security commands,
so I would like to know if adding the ATA security features is a priority
on the TODO list. I would like to see these features implemented and I would
also be willing to port the code from OpenBSD if there are some more
experienced kernel developers who would be willing to review my code and
commit it. Let me know.

One more thing: while browsing through src/sbin/atacontrol.c I noticed a
copy & paste bug in the RELENG_4 version where the SMART feature info is
reported instead of the security feature info (by atacontrol cap). I attached
the appropriate patch for this bug, please review it and commit the fix as
appropriate.

ALeine
-------------- next part --------------
--- src/sbin/atacontrol.c.old	Sun Apr  3 14:41:32 2005
+++ src/sbin/atacontrol.c	Sun Apr  3 14:41:50 2005
@@ -158,8 +158,8 @@
 		parm->enabled.microcode ? "yes" : "no");	
 
 	printf("security                       %s	%s\n",
-		parm->support.smart ? "yes" : "no",
-		parm->enabled.smart ? "yes" : "no");	
+		parm->support.security ? "yes" : "no",
+		parm->enabled.security ? "yes" : "no");	
 
 	printf("power management               %s	%s\n",
 		parm->support.power_mngt ? "yes" : "no",
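
Review bot: On the two `+` lines, `parm->support.security` and `parm->enabled.security` are not declared anywhere in the visible context, so please confirm that the RELENG_4 parameter structure has both bitfields under exactly those names before this is committed. The second added line also carries over the trailing tab after `);` from the line it replaces; dropping it would be a cheap cleanup. It is worth saying in the commit log that the `security` row of `atacontrol cap` previously echoed the SMART bits, since anyone who used that output to judge whether the ATA security feature set was supported or enabled was reading the wrong flags.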


More information about the freebsd-hackers mailing list
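
An added example, not part of the original post or of atacontrol: a check a defender could run to see whether a drive still needs the freeze lock (0xf5) described above, and why reading the SMART bit in place of the security bit gives a wrong answer. The word and bit positions are taken from the ATA/ATAPI IDENTIFY DEVICE layout as an assumption (the post does not list them); the function names and the sample data are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* IDENTIFY DEVICE words and bits (assumed from the ATA/ATAPI specification). */
#define W_CMDSET_SUPPORTED 82          /* bit 0 SMART, bit 1 security feature set */
#define W_CMDSET_ENABLED   85          /* same bit layout as word 82 */
#define W_SECURITY_STATUS  128
#define CMDSET_SMART    (1u << 0)
#define CMDSET_SECURITY (1u << 1)
#define SEC_LOCKED      (1u << 2)
#define SEC_FROZEN      (1u << 3)      /* freeze lock in effect until power cycle */

struct sec_state { int supported, enabled, locked, frozen; };

/* Decode the security state from a 256-word IDENTIFY DEVICE response. */
struct sec_state decode_security(const uint16_t id[256])
{
    struct sec_state s;
    s.supported = (id[W_CMDSET_SUPPORTED] & CMDSET_SECURITY) != 0;
    s.enabled   = (id[W_CMDSET_ENABLED] & CMDSET_SECURITY) != 0;
    s.locked    = (id[W_SECURITY_STATUS] & SEC_LOCKED) != 0;
    s.frozen    = (id[W_SECURITY_STATUS] & SEC_FROZEN) != 0;
    return s;
}

/* The neighbouring SMART bit: the flag the unpatched "security" row printed. */
int smart_enabled(const uint16_t id[256])
{
    return (id[W_CMDSET_ENABLED] & CMDSET_SMART) != 0;
}

/* 1 when the drive supports ATA security but no freeze lock has been issued. */
int freeze_lock_pending(const struct sec_state *s)
{
    return s->supported && !s->frozen;
}

/* Constructed sample: SMART and security supported, only SMART enabled. */
void make_sample(uint16_t id[256], int frozen)
{
    for (int i = 0; i < 256; i++) id[i] = 0;
    id[W_CMDSET_SUPPORTED] = CMDSET_SMART | CMDSET_SECURITY;
    id[W_CMDSET_ENABLED]   = CMDSET_SMART;
    id[W_SECURITY_STATUS]  = 0x0001 | (frozen ? SEC_FROZEN : 0);
}

int main(void)
{
    uint16_t id[256];
    for (int frozen = 0; frozen <= 1; frozen++) {
        make_sample(id, frozen);
        struct sec_state s = decode_security(id);
        printf("enabled=%d (SMART bit says %d) frozen=%d freeze lock pending=%d\n",
               s.enabled, smart_enabled(id), s.frozen, freeze_lock_pending(&s));
    }
    return 0;
}
```

On the constructed sample the SMART bit reads 1 while the security bit reads 0, which is the mismatch the attached patch removes from the `security` row.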