lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 16 Mar 2016 12:02:48 -0400
From:	Theodore Ts'o <tytso@....edu>
To:	Doug Ledford <dledford@...hat.com>
Cc:	Al Viro <viro@...iv.linux.org.uk>,
	Mike Marciniszyn <infinipath@...el.com>,
	linux-rdma@...r.kernel.org, linux-fsdevel@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Dennis Dalessandro <dennis.dalessandro@...el.com>,
	ira weiny <ira.weiny@...el.com>,
	Jubin John <jubin.john@...el.com>
Subject: Re: [WTF] utterly tasteless ABI in hfi1 (around
 ->write()/->write_iter())

On Wed, Mar 16, 2016 at 11:46:31AM -0400, Doug Ledford wrote:
> I can't speak for Mike, but I never said "It's Special".  I said it's a
> driver internal thing with only one consumer and the kernel driver and
> the user space consumer are a matched pair.  If this were a general API
> for use by any old program I would agree with you, but since it isn't, I
> wasn't that concerned about whether it got fixed.  If it broke, Intel
> had both pieces and could fix it.  And with that in mind I said "ince
> this is an internal driver interface that only Intel uses, I'm not
> inclined to force them to rewrite their driver and their library just
> because their particular usage took you off guard."

The thing which is really scary about the "we own both pieces, so we
can be sloppy with the interface design" is there is the question of
whether there are any security issues with such an interface.  Maybe
the assumption is that only root will get to access the interface, but
as we're seeing with user namespaces, very often these assumptions are
getting upended.

So certainly if I were a bad guy working at the NSA^H^H^H^H KGB trying
to find a zero-day that I would keep in my agency's back pocket,
interfaces designed with this kind of attitude would be the first
place I would look.

> For the hfi1 driver (and OPA in general), we do have the ability to do a
> new API.  But, going back to what I said before, I just don't care that
> much.  It's Intel internal stuff as far as I'm concerned.  If they do
> something fragile and it breaks, then that's all on their hands.

Except if there's a security vulernability, then it's on our
collective heads as kernel developers.  Unless we want to tell people,
"don't use intel hardware, it's written by device driver authors who
are sloppy"....

							- Ted

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ