| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.LNX.4.44L0.1108111145360.1958-100000@iolanthe.rowland.org> Date: Thu, 11 Aug 2011 11:49:55 -0400 (EDT) From: Alan Stern <stern@...land.harvard.edu> To: Alan Cox <alan@...rguk.ukuu.org.uk> cc: Mauro Carvalho Chehab <mchehab@...radead.org>, Hans de Goede <hdegoede@...hat.com>, Theodore Kilgore <kilgota@...ach.math.auburn.edu>, Sarah Sharp <sarah.a.sharp@...ux.intel.com>, Greg KH <greg@...ah.com>, <linux-usb@...r.kernel.org>, <linux-media@...r.kernel.org>, <linux-kernel@...r.kernel.org>, <libusb-devel@...ts.sourceforge.net>, Alexander Graf <agraf@...e.de>, Gerd Hoffmann <kraxel@...hat.com>, <hector@...cansoft.com>, Jan Kiszka <jan.kiszka@...mens.com>, Stefan Hajnoczi <stefanha@...ux.vnet.ibm.com>, <pbonzini@...hat.com>, Anthony Liguori <aliguori@...ibm.com>, Jes Sorensen <Jes.Sorensen@...hat.com>, Oliver Neukum <oliver@...kum.org>, Felipe Balbi <balbi@...com>, Clemens Ladisch <clemens@...isch.de>, Jaroslav Kysela <perex@...ex.cz>, Takashi Iwai <tiwai@...e.de>, Laurent Pinchart <laurent.pinchart@...asonboard.com>, Adam Baker <linux@...er-net.org.uk> Subject: Re: USB mini-summit at LinuxCon Vancouver On Thu, 11 Aug 2011, Alan Cox wrote: > Actually there are more issues than that - you've also got to worry about > a security/permission model, and that is hard to get right, especially if > you are not very careful that anything that can be retrieved which might > violate the security model (eg the last frame on the capture) has been > blanked before handover etc. As far as I can tell, these same security issues exist today. I don't see them getting any worse than they are now. > And applications that are touching both video (even indirectly) and still > camera may get surprise deadlocks if they accidentally reference both the > still and video device even via some library or service. No, not deadlocks. Just -EBUSY errors. > > > Well, a user program can assume that the kernel driver left the device > > > in a clean state. The reverse isn't always true, however -- it's one > > Not it cannot - the user program doesn't know > > a) if the kernel driver has ever been loaded > b) the values the kernel driver leaves set (and those will change no > doubt at times) > c) if the camera has been plugged and unplugged and not yet had the > kernel driver loaded That's true. The program can't assume that a kernel driver was ever bound to the device; all it can assume is that _if_ a kernel driver was bound then it left the device in a sane state -- whatever "sane" might mean in this context. > To me it sounds like a recipe for disaster. For those tiny number of > devices involved just use V4L and if need be some small V4L tweaks to > handle still mode. In most cases the interface is basically identical and > I'd bet much of the code is identical too. I'm not against moving the whole thing into the kernel. I'm just pointing out that an easier-to-code-up solution will accomplish much the same result. Alan Stern -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists