| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 27 May 2016 10:42:29 +0200 From: Krzysztof Kozlowski <k.kozlowski@...sung.com> To: Linus Walleij <linus.walleij@...aro.org> Cc: Tomasz Figa <tomasz.figa@...il.com>, Sylwester Nawrocki <s.nawrocki@...sung.com>, Kukjin Kim <kgene@...nel.org>, "linux-arm-kernel@...ts.infradead.org" <linux-arm-kernel@...ts.infradead.org>, linux-samsung-soc <linux-samsung-soc@...r.kernel.org>, "linux-gpio@...r.kernel.org" <linux-gpio@...r.kernel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Marek Szyprowski <m.szyprowski@...sung.com>, Bartlomiej Zolnierkiewicz <b.zolnierkie@...sung.com> Subject: Re: [PATCH] pinctrl: samsung: Suppress unbinding to prevent theoretical attacks On 05/26/2016 11:08 AM, Linus Walleij wrote: > On Tue, May 17, 2016 at 8:02 AM, Krzysztof Kozlowski > <k.kozlowski@...sung.com> wrote: > >> Although unbinding a pinctrl driver requires root privileges but it >> still might be used theoretically in certain attacks (by triggering NULL >> pointer exception or memory corruption). > > Patch applied with Javier's review tag. > > I suspect this kind of patch should be done to a few > GPIO controller :/ Probably yes... Either the driver properly and safely handles unbind (remove() callback) or it should be forbidden. In the same time, even if remove() is implemented, unbinding some of the core SoC drivers is like shooting self in the foot. Best regards, Krzysztof
Powered by blists - more mailing lists