lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20160122015801.GW20964@wotan.suse.de>
Date:	Fri, 22 Jan 2016 02:58:01 +0100
From:	"Luis R. Rodriguez" <mcgrof@...e.com>
To:	Kees Cook <keescook@...omium.org>,
	Greg KH <gregkh@...uxfoundation.org>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Mimi Zohar <zohar@...ux.vnet.ibm.com>
Cc:	"Luis R. Rodriguez" <mcgrof@...not-panic.com>,
	Ming Lei <ming.lei@...onical.com>,
	Josh Boyer <jwboyer@...oraproject.org>,
	Johannes Berg <johannes@...solutions.net>,
	Andy Lutomirski <luto@...capital.net>,
	Jonathan Corbet <corbet@....net>,
	David Woodhouse <dwmw2@...radead.org>,
	David Howells <dhowells@...hat.com>,
	Seth Forshee <seth.forshee@...onical.com>,
	Rusty Russell <rusty@...tcorp.com.au>,
	Michal Marek <mmarek@...e.cz>,
	Matthew Garrett <mjg59@...f.ucam.org>,
	Kyle McMartin <kyle@...nel.org>,
	Mimi Zohar <zohar@...ux.vnet.ibm.com>,
	Dmitry Kasatkin <dmitry.kasatkin@...il.com>,
	Vivek Goyal <vgoyal@...hat.com>,
	Brian Norris <computersforpeace@...il.com>,
	Shuah Khan <shuahkh@....samsung.com>,
	linux-security-module <linux-security-module@...r.kernel.org>,
	keyrings@...ux-nfs.org, LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v3 5/5] firmware: add an extensible system data helpers

On Mon, Jan 04, 2016 at 12:31:58PM -0800, Kees Cook wrote:
> On Wed, Dec 23, 2015 at 1:34 PM, Luis R. Rodriguez
> <mcgrof@...not-panic.com> wrote:
> > In order to try to help phase out user mode helpers this makes no use of
> > the old user mode helper code *at all*, and if we wish to can easily
> > phase this code out with time then.
> 
> So these are basically wrappers around the existing firmware loading routines?

No, Greg has noted we cannot get rid of the usermode helper [0]. In fact at
kernel summit he mentioned there are a series of upcoming valid users who seem
to *want* it.  Even Linus has called for deprecating the usermode helper [1]
entirely if possible. This work tries to enable such prospects despite some
needing the usermode helper by enabling callers that *need* the usermode helper
to use the crappy usermode helper and letting us slowly dig that into a dark
corner. This paves the path with a shiny extensible API with prospects of
future features (fw signingin will be one) without use of the usermode helper
at all, the extensible API enables new extensions by avoiding unnecessary
collateral evolutions as this code / features get added. This provides a clean
an way to enable folks who do wish to deprecate and the usermode helper to do
so and provides carrots for doing that.
 
[0] https://marc.info/?i=20151006090821.GB9030%40kroah.com
[1] https://marc.info/?l=linux-kernel&m=144095832412928

  Luis

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ