| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 22 Jan 2016 02:58:01 +0100 From: "Luis R. Rodriguez" <mcgrof@...e.com> To: Kees Cook <keescook@...omium.org>, Greg KH <gregkh@...uxfoundation.org>, Linus Torvalds <torvalds@...ux-foundation.org>, Mimi Zohar <zohar@...ux.vnet.ibm.com> Cc: "Luis R. Rodriguez" <mcgrof@...not-panic.com>, Ming Lei <ming.lei@...onical.com>, Josh Boyer <jwboyer@...oraproject.org>, Johannes Berg <johannes@...solutions.net>, Andy Lutomirski <luto@...capital.net>, Jonathan Corbet <corbet@....net>, David Woodhouse <dwmw2@...radead.org>, David Howells <dhowells@...hat.com>, Seth Forshee <seth.forshee@...onical.com>, Rusty Russell <rusty@...tcorp.com.au>, Michal Marek <mmarek@...e.cz>, Matthew Garrett <mjg59@...f.ucam.org>, Kyle McMartin <kyle@...nel.org>, Mimi Zohar <zohar@...ux.vnet.ibm.com>, Dmitry Kasatkin <dmitry.kasatkin@...il.com>, Vivek Goyal <vgoyal@...hat.com>, Brian Norris <computersforpeace@...il.com>, Shuah Khan <shuahkh@....samsung.com>, linux-security-module <linux-security-module@...r.kernel.org>, keyrings@...ux-nfs.org, LKML <linux-kernel@...r.kernel.org> Subject: Re: [PATCH v3 5/5] firmware: add an extensible system data helpers On Mon, Jan 04, 2016 at 12:31:58PM -0800, Kees Cook wrote: > On Wed, Dec 23, 2015 at 1:34 PM, Luis R. Rodriguez > <mcgrof@...not-panic.com> wrote: > > In order to try to help phase out user mode helpers this makes no use of > > the old user mode helper code *at all*, and if we wish to can easily > > phase this code out with time then. > > So these are basically wrappers around the existing firmware loading routines? No, Greg has noted we cannot get rid of the usermode helper [0]. In fact at kernel summit he mentioned there are a series of upcoming valid users who seem to *want* it. Even Linus has called for deprecating the usermode helper [1] entirely if possible. This work tries to enable such prospects despite some needing the usermode helper by enabling callers that *need* the usermode helper to use the crappy usermode helper and letting us slowly dig that into a dark corner. This paves the path with a shiny extensible API with prospects of future features (fw signingin will be one) without use of the usermode helper at all, the extensible API enables new extensions by avoiding unnecessary collateral evolutions as this code / features get added. This provides a clean an way to enable folks who do wish to deprecate and the usermode helper to do so and provides carrots for doing that. [0] https://marc.info/?i=20151006090821.GB9030%40kroah.com [1] https://marc.info/?l=linux-kernel&m=144095832412928 Luis
Powered by blists - more mailing lists