From nobody@FreeBSD.org  Mon Feb 28 02:08:03 2000
Return-Path: <nobody@FreeBSD.org>
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP id 556E737B8AD
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 28 Feb 2000 02:08:02 -0800 (PST)
	(envelope-from nobody@FreeBSD.org)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id CAA17460;
	Mon, 28 Feb 2000 02:08:02 -0800 (PST)
	(envelope-from nobody@FreeBSD.org)
Message-Id: <200002281008.CAA17460@freefall.freebsd.org>
Date: Mon, 28 Feb 2000 02:08:02 -0800 (PST)
From: chris.smith@raytheon.co.uk
Sender: nobody@FreeBSD.org
To: freebsd-gnats-submit@FreeBSD.org
Subject: Kernel auto-reboot on write to write protected floppy.
X-Send-Pr-Version: www-1.0

>Number:         17040
>Category:       i386
>Synopsis:       Kernel auto-reboot on write to write protected floppy.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Feb 28 02:10:01 PST 2000
>Closed-Date:    Tue Feb 29 06:30:39 PST 2000
>Last-Modified:  Tue Feb 29 06:31:43 PST 2000
>Originator:     Chris Smith
>Release:        3.4-RELEASE
>Organization:
Raytheon Systems Limited
>Environment:
uname as 3.4-RELEASE kernel.GENERIC on P3-500 system.
>Description:
When writing an image to a floppy which is write protected!) using the dd command, there appears to be a buffer related problem and the system automatically reboots itself.
>How-To-Repeat:
Get an _OpenBSD_ .fs installation image for i386 architecture, write protect a floppy and poke it in the drive and as root execute the following command:-

# dd if=floppy26.fs of=/dev/fd0

..20 secs later, the kernel reboots the system.  Help!  this does this in userland too if I was kind enough to give the user access to the floppy drive.  This could be used agains a FreeBSD box as an attack.
>Fix:
No fix known.

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: sheldonh 
State-Changed-When: Tue Feb 29 06:30:39 PST 2000 
State-Changed-Why:  
Duplicate of numerous other PRs containing much more detail on 
the problem.  The short answer is "be aware of the problem and 
don't do that".  The long answer is that it's a lot of work to 
fix. :-) 
>Unformatted:
