lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20141018223630.497988fa@alan.etchedpixels.co.uk>
Date:	Sat, 18 Oct 2014 22:36:30 +0100
From:	One Thousand Gnomes <gnomes@...rguk.ukuu.org.uk>
To:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:	John Stultz <john.stultz@...aro.org>,
	lkml <linux-kernel@...r.kernel.org>, devel@...verdev.osuosl.org,
	Linux API <linux-api@...r.kernel.org>,
	Santosh Shilimkar <santosh.shilimkar@...com>,
	Arve Hjønnevåg <arve@...roid.com>,
	Sumit Semwal <sumit.semwal@...aro.org>,
	Rebecca Schultz Zavin <rebecca@...roid.com>,
	Christoffer Dall <christoffer.dall@...aro.org>,
	Anup Patel <anup.patel@...aro.org>
Subject: Re: [PATCH] staging: android: binder: move to the "real" part of
 the kernel

> Do we really need someone to do more work that has been done on it in
> the past as an official "maintainer"?  I'll be glad to do it, as I doubt
> it will require any time at all.

Well every time in the past that Al Viro looked in its direction he broke
it so probably. Someone is going to have to clean up or fix the fact it
pokes around in the depths of the low level fd I/O code and calls stuff
like __fd_install and __alloc_fd directly, or mend it if it breaks.

I'm curious what Al Viro thinks of it

> > Currently in the android space no one but libbinder should use the
> > kernel interface.
> 
> That is correct.  If you do that, you deserve all of the pain and
> suffering and rooted machines you will get.

So what is the Android side model for its security. That probably also
should be described so nobody goes off and uses it for something like
systemd because "it looked neat".

> But all of the changes will be in new code.  Be it kdbus, or something
> else if that doesn't work out.  This existing binder.c file will not be
> changing at all.  This existing ABI, and codebase, is something that we
> have to maintain forever for those millions of devices out there in the
> real world today. 

95% of those devices are locked down, most of them have non replaceable
batteries that will dead and irreplacable (sanely anyway) in 3-5 years.
"Forever" in the phone world is mercifully rather short.

Alan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ