lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 26 Mar 2007 10:34:20 +0200
From:	Marcel Holtmann <marcel@...tmann.org>
To:	Arjan van de Ven <arjan@...ux.intel.com>
Cc:	Shaohua Li <shaohua.li@...el.com>,
	Daniel J Blueman <daniel.blueman@...il.com>,
	jamagallon@....com, tigran@...azian.fsnet.co.uk,
	Linux Kernel <linux-kernel@...r.kernel.org>
Subject: Re: New format Intel microcode...

Hi Arjan,

> > > > Is the tool you mentioned last June [1] available for splitting up the
> > > > old firmware files to the new format (eg
> > > > /lib/firmware/intel-ucode/06-0d-06), or are updates available from
> > > > Intel (or otherwise) in this new format?
> > > Yes, we are preparing the new format data files and maybe put it into a
> > > new website. We will announce it when it's ready.
> > 
> > please do _NOT_ use any sub-directories in the request_firmware() call.
> 
> it's not a strictly a subdirectory; there is a slash in the "metaname"
> the kernel asks for, and you can in userspace see it as subdirectory or
> you don't.. that's entirely upto the userspace side :)

that is the whole point. The slash was never meant to be used. It was
designed to take a filename or a pattern that will be later matched by
userspace. However some developers are now trying to abuse this since
the simple firmware helper script matches this directly to a filename
(and directory in this case) on the disk.

Putting a slash in the request_firmware() call now enforces a
subdirectory and that should be left up to the userspace. So the slash
is actually a forbidden character here.

Regards

Marcel


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ