Date:   Thu, 12 Oct 2017 14:43:45 +0000
From:   <Mario.Limonciello@...l.com>
To:     <pali.rohar@...il.com>
CC:     <gnomes@...rguk.ukuu.org.uk>, <dvhart@...radead.org>,
        <andy.shevchenko@...il.com>, <linux-kernel@...r.kernel.org>,
        <platform-driver-x86@...r.kernel.org>, <luto@...nel.org>,
        <quasisec@...gle.com>, <rjw@...ysocki.net>, <mjg59@...gle.com>,
        <hch@....de>, <greg@...ah.com>
Subject: RE: [PATCH v7 10/15] platform/x86: dell-smbios: add filtering
 capability for requests

> -----Original Message-----
> From: Pali Rohár [mailto:pali.rohar@...il.com]
> Sent: Thursday, October 12, 2017 9:34 AM
> To: Limonciello, Mario <Mario_Limonciello@...l.com>
> Cc: gnomes@...rguk.ukuu.org.uk; dvhart@...radead.org;
> andy.shevchenko@...il.com; linux-kernel@...r.kernel.org; platform-driver-
> x86@...r.kernel.org; luto@...nel.org; quasisec@...gle.com;
> rjw@...ysocki.net; mjg59@...gle.com; hch@....de; greg@...ah.com
> Subject: Re: [PATCH v7 10/15] platform/x86: dell-smbios: add filtering capability
> for requests
> 
> On Thursday 12 October 2017 13:23:08 Mario.Limonciello@...l.com wrote:
> > The existing dcdbas calling interface tooling (libsmbios) expects to be able
> > to access all calls and all tokens.  *The kernel doesn't filter any of it.*
> 
> It does not mean that API/ABI was designed correctly or incorrectly.
> Existing old API/ABI is there and we are not going to change it...
> 
> > I understand the ask to filter some calls and that's why patch 10/15 exists,
> > but please let me remind you this patch series is intended to /replace and
> > deprecate/ dcdbas userspace access.
> 
> Now when there is a proposal for a new API/ABI, it should be designed
> correctly without need to redesign it again in future and address all
> problems which are found during review.
> 

Well sure I also would hate to have to redesign this again in the future.
I believe that this is sufficient now.

I'm looking up commands that FW claims can be supported and filtering the
rest.  There's your whitelist.

I addressed the concern on the perceived dangerous calls (write once, debugging,
manufacturing use only etc) and those are now filtered.  There's your blacklist.

Other than the minor errors that kbuild test robot caught from v6 and the 
s/desc_buffer/buffer/ in an earlier patch, what's left?
