lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Tue, 2 Jun 2015 13:35:06 +0200
From:	"Jason A. Donenfeld" <Jason@...c4.com>
To:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:	linux-kernel@...r.kernel.org,
	Dan Carpenter <dan.carpenter@...cle.com>,
	devel@...verdev.osuosl.org,
	Shigekatsu Tateno <shigekatsu.tateno@...el.com>,
	rupesh.gujare@...el.com
Subject: Re: Future of Ozwpan Driver - Maintainer? [Was: Re: [PATCH 0/4]
 ozwpan: Four remote packet-of-death vulnerabilities]

On Tue, Jun 2, 2015 at 3:35 AM, Greg Kroah-Hartman
<gregkh@...uxfoundation.org> wrote:
> I don't know, but I'm a bit loath to delete the driver from the tree as
> then people will just continue to use the version with all of the bugs.

Yea, I understand that. Though, I'm pretty sure that most users of
ozwpan use old forks tied to old kernels, and do not use upstream
anyway.

> If Atmel doesn't want to maintain the code anymore, do you want to do
> it?  You can always send patches for this issue, as you seem to have the
> hardware and can do testing, which I can't.

Thank you for the offer, and I would actually love to maintain a part
of the kernel. But I am likely the wrong man for ozwpan (inspite of
the Internet's claims of my wizardry [1]). The debugging I've done
thus far is on a readily available consumer embedded device, which I
was required to root and unsandbox and partake in other "security dark
magic" in order to get a decent debugging interface. My rig is rather
brittle and is likely to fall to pieces like aging solder at any
moment. I'd recommend this be maintained by someone with proper test
hardware and a suit of unit tests. This means: Atmel, or one of the
many clients to whom Atmel has sold high volumes of ozwpan chips. I'll
reach out where I can to see if I can find someone in a good position
to maintain it.

[1] https://twitter.com/drgfragkos/status/598776229282578432
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ