lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <201704191854.51783@pali>
Date:   Wed, 19 Apr 2017 18:54:51 +0200
From:   Pali Rohár <pali.rohar@...il.com>
To:     Mario.Limonciello@...l.com
Cc:     dvhart@...radead.org, rjw@...ysocki.net, luto@...capital.net,
        len.brown@...el.com, corentin.chary@...il.com, luto@...nel.org,
        andriy.shevchenko@...ux.intel.com, linux-kernel@...r.kernel.org,
        platform-driver-x86@...r.kernel.org, linux-pm@...r.kernel.org
Subject: Re: RFC: WMI Enhancements

On Wednesday 19 April 2017 18:29:53 Mario.Limonciello@...l.com wrote:
> > As wrote above, I'm fine with explicit whitelist of WMI GUIDs which
> > will be exported to userspace after communication with vendor.
> 
> What about GUID's not yet used by kernel drivers?  Would those
> default to whitelist default to blacklist?  My preference would be
> to default to whitelist. This allows new GUID's to be added later
> without needing to modify kernel for something that kernel won't
> need to do anything immediately.

I understood it as there would be explicit whitelist in kernel and new 
GUIDs would be needed to add into whitelist, even those which do not 
have kernel wmi driver.

Exporting all GUIDs (to userspace) which are not bind to kernel driver 
has one big problem. If kernel introduce new wmi driver for such GUID 
then it block userspace to access it or at least would need to provide 
audit filter and something would be probably filtered. It means that 
some userspace applications which would use that GUIDs stops working 
after upgrading to new kernel. And we can be in situation where *user* 
need to decide: either use 3rd party userspace application from vendor 
which provide some special settings for your laptop, or use kernel 
module which provides standard rfkill/led/input class driver.

-- 
Pali Rohár
pali.rohar@...il.com

Download attachment "signature.asc " of type "application/pgp-signature" (199 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ