Sunday, October 17, 2021

Can *YOU* blow a PC speaker utilizing solely a Linux kernel driver? – Bare Safety

We don’t often put out programming appeals on Naked Security, especially when the code that we’re looking for is dangerous and destructive.

But this time we’re prepared to make an exception, given that it’s a rainy Friday afternoon where we are, and that this issue is now in its fifteenth consecutive year.

Our attention was drawn to the problem by a tweet from well-known Google cybersecurity researcher Tavis Ormandy, who tweeted today to say:

With just one exception that I know of (an email that appeared in July in 2008), the same person has emailed the Linux Kernel Mailing List (LKML) sometime in the month of June, ever since 2007, to ask the same question

Every year for 15 years in a row, including 2021, the mysterious R.F. Burns (yes, we think it’s a pun, too) has wanted to know:


    From: "R.F. Burns" 
    To: linux-kernel@vger.kernel.org
    Subject: PC speaker
    Date: Mon, 14 Jun 2021 23:32:32 -0400

    Is it possible to write a kernel module which, 
    when loaded, will blow the PC speaker?

Despite many helpful and not-so-helpful answers each year, the mysterious questioner still doesn’t seem to have figured out how to do the job.

A tongue-in-cheek exchange at the very first time of asking explains the reason for the potential cybervandalism as follows:


I am helping a small school system with a number of Linux
workstations.  Previously, the students (middle and high schools)
abused the sound cards in the systems.  This was remedied by changing
the permissions on sound devices so that non-root users would be
denied access (something easily done remotely, and on an automated
basis.)

At that point, the students started finding creative ways to abuse the
PC speaker, which became rather distracting.  We unloaded and disabled
the PC speaker kernel module, which remedied the situation for a
while.

So, the idea was raised about seeing if there was a way to blow the PC
speaker by loading a kernel module.  If so, a mass-deployment of a
kernel module overnight would take care of the PC speaker problem once
and for all.