lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 16 May 2007 20:11:43 +0200
From:	Jean Delvare <khali@...ux-fr.org>
To:	Pavel Machek <pavel@....cz>
Cc:	Hans de Goede <j.w.r.degoede@....nl>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: CONFIG_BREAK_MY_MACHINE

On Tue, 15 May 2007 20:31:00 +0000, Pavel Machek wrote:
> Hi!
> 
> > > Hardware Monitoring support  --->
> > >   <*> Hardware Monitoring support
> > >   <*> Abit uGuru
> > >   <M> VIA686A
> > >   <*> IBM Hard Drive Active Protection System (hdaps)
> > > 
> > > But I'm quite sure that the only module used is VIA686A (I'm
> > > rebuilding to confirm).
> > 
> > This is a rather bad idea to build the abituguru and hdaps drivers into
> > your kernel if you don't have these devices. Especially abituguru, as
> > it does arbitrary port probing.
> 
> hdaps should be safe (DMI based whitelist, no?)

Correct.

> If abitguru breaks random machines, we probably should DMI whitelist,
> too.

I never said it was breaking machines, just that it was accessing
arbitrary I/O ports.

This was already discussed with the driver's author (Hans de Goede,
Cc'd) and I think we agreed on the principle, but it didn't happen yet.
This device only exists on Abit motherboards so it would be easy enough
to check the DMI vendor. A more detailed white list is also possible,
but I'm not insisting on it.

The driver could also be made to depend on X86, as this is the only
architecture where it is useful.

Hans, can you please submit a patch doing this?

Thanks,
-- 
Jean Delvare
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ