| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 24 Sep 2006 11:46:47 +0400
From: Sergey Vlasov <vsu@...linux.ru>
To: Willy Tarreau <w@....eu>
Cc: Adrian Bunk <bunk@...sta.de>, Greg KH <greg@...ah.com>,
linux-kernel@...r.kernel.org
Subject: Re: Linux 2.6.16.30-pre1
On Sun, 24 Sep 2006 01:53:15 +0200 Willy Tarreau wrote:
> The problem is when some hardware suddenly become detected and assigned
> in the middle of a stable release. Do not forget that people need stable
> releases to be able to blindly update and get their security vulnerabilities
> fixed. Sometimes, unlocking 2 SATA ports on the mobo by adding a PCI ID or
> adding the PCI ID of some new ethernet cards that were not supported may
> lead to such fun things (eth0 becoming eth2, sda becoming sdc, etc...).
> This causes real trouble to admins, particularly those doing remote
> updates. At least, I think that if you manage to inform people clearly
> enough, and to separate security fixes and such fixes in distinct releases,
> it might work in most situations. But this is a dangerous game anyway.
Seems that the V4L/DVB patches in question are safe in this regard.
These patches add PCI table entries matching the specific subsystem ids;
without these entries the device will still match the default entry for
the chip, and the user will get the same /dev/videoN, but most likely it
won't work correctly.
The only problem which might arise is with additional IR input devices,
but no one should expect any stable ordering there - with USB the order
of input devices is already random.
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists