Truth be told, as security-minded admins and computer users we concern ourselves more with the threats posed by Internet borne bugs and hackers in far away places than we do about the physical threats to our systems.

Even so, we rely on security systems, cable locks and good old common sense to keep PCs from theft, unauthorized access and physical damage. All well and good but despite all of these precautions, harm can come to your PC in unexpected ways. And by unexpected, we mean a seemingly innocent Mandrake Linux 9.2 install.

"Linux?! Surely not," you may be thinking. Indeed, this sad tale doesn't even have a Microsoft angle. No, this time around the threat comes in the form of a plain old hardware incompatibility.

Mandrake Linux 9.2 just does not play well with LG Electronics CD-ROM drives. This is not a case of flaky drivers; the problematic distro can actually cause the affected drives to literally stop working. It can be argued that the OS isn't entirely to blame since the drives seem to stray somewhat from industry specs.

True, you may not remember the last time you even saw an LG-branded product, let alone put one into your box. Nonetheless, can you be 100% sure that your CD drive's innards aren't from LG? It turns out that LG is an OEM supplier to computer makers such as Dell.

No need to panic. Even if one falls victim to this bug, CD drives are relatively inexpensive these days. Still, it may be better to hold off on larger Mandrake deployments until everything is in order.

Direct link to this week's spotlight thread:

Mandrake 9.2 Warning

Excerpts:

Syini666 has some bad news for those considering a Mandrake install.

It seems Mandrake 9.2 kills LG based cd drives upon attempting the install process, and a reboot shows the drive to be completely dead. Here is a direct quote from the Mandrake Errata Page quote:

Error scenario: Installing 9.2 and being told unable to install the base system and subsequent reboot reveals that CD-ROM drive is physically dead.

Why: According to LG Electronics, their ODD (Optical Disc Drive) products do not support Linux nor do they test with Linux. Unfortunately, many Dell computers (possibly others) come with these CD-ROM drives.

Solution: Currently there is no solution or work-around for this issue; it is still under investigation. Damage occurs even when doing a network install. At this point, please do not install Mandrake Linux 9.2 on any computer containing a LG-based CD-ROM drive or it will damage your CD-ROM drive! We are actively looking for a solution to this problem.

Well.. Here it is. The final decision on what the cause was from Mandrake's Errata Site:

The problem was that the kernel would send a FLUSH_CACHE command to the LG CD-ROM drive, which would make the drive inoperable by overwriting its firmware. This is because LG CD-ROM drives are not compliant with the ATAPI specification. The specification does not require an implementation of the FLUSH_CACHE command in the driver, and returning an error (or doing nothing) would have been the correct behaviour for the drive. Likewise, reusing a command is against the specification and LG has reused the FLUSH_CACHE command to modify the firmware of the drive, but they are unwilling to disclose exactly what the command does. This FLUSH_CACHE command is supposed to be supported only by CD-RW or DVD-RW devices; the LG-based CD-ROM devices are understanding this command as the UPLOAD_FIRMWARE command.

A new kernel (2.4.22-21mdk) has been released that fixes this problem in the kernel, although the CD-ROM devices are still not up to specification. New CDs and ISOs will be available shortly to correct these problems; they will come with the new kernel.

What is AntiOnline?

AntiOnline (AO) is home to many of the most popular network security discussion forums online. Here, participants engage in candid, thought-provoking and enlightening exchanges on security hazards and how to protect your systems against them.