| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 19 Feb 2008 07:42:03 +1100 From: Benjamin Herrenschmidt <benh@...nel.crashing.org> To: Jean Delvare <khali@...ux-fr.org> Cc: Christian Krafft <krafft@...ibm.com>, linux-kernel@...r.kernel.org, parabelboi@...serverein.de, linuxppc-dev@...abs.org Subject: Re: [Patch 0/2] powerpc: avoid userspace poking to legacy ioports > Maybe Christian's patch can be improved to not do the check on these? > As long as /dev/port exists, it seems reasonable that the kernel should > behave, no matter what I/O ports are accessed from user-space. nonsense. /dev/mem exists for example, but you are still not supposed to go bang all over the place in it. > > I hate that sensors_detect.. or for that matter any other userland code > > that pokes random ports like that. It should die. > > What do you propose as a replacement? Dunno, something less scary, like knowing where your sensors are on a given machine... honestly, it's just scary the risk you guys are taking by banging random IO ports. At the very least, that shouldn't be done on non-x86. > And how is userland code poking at random ports different from kernel > code poking at random ports? We could move sensors-detect inside the > kernel (and I have some plan to do that) but I fail to see how this > would solve this particular problem. It wouldn't, but at least I could NAK it or make it CONFIG_X86 :-) Ben. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists