lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 24 Dec 2018 10:12:29 +0100
From:   Greg KH <gregkh@...uxfoundation.org>
To:     Marcus Meissner <meissner@...e.de>
Cc:     linux-kernel@...r.kernel.org, dmitry.torokhov@...il.com
Subject: Re: FYI: Userland breakage caused by udev bind commit

On Sun, Dec 23, 2018 at 05:49:54PM +0100, Marcus Meissner wrote:
> Hi,
> 
> I am the maintainer of libmtp and libgphoto2
> 
> Some months ago I was made aware of this bug:
> 	https://bugs.kde.org/show_bug.cgi?id=387454
> 
> This was fallout identified to come from this kernel commit:
> 
> 	commit 1455cf8dbfd06aa7651dcfccbadb7a093944ca65
> 	Author: Dmitry Torokhov <dmitry.torokhov@...il.com>
> 	Date:   Wed Jul 19 17:24:30 2017 -0700
> 
> If distributions would be using libmtp and libgphoto2 udev rules
> that just triggered on "add" events, and not the new "bind" events,
> the missing "attribute tagging" of the "bind" events would confused the
> KDE Solid device detection and make the devices no longer detected.
> 
> This did not affect distributions that rely on the newer "hwdb"
> device detection method.
> 
> I have released fixed libmtp and libgphoto2 versions in November, so
> this is under control, but wanted to bring this up as a "kernel caused
> userland breakage".

This is complex, sorry.  When this first commit was merged, we did get
some reports of problems, so we reverted it.  Dmitry worked through the
issues and then we added it back again.

That was back in July of 2017, and since then, we had not heard of any
problems that happened until this month, a very long time.

So I really don't understand the root problem here, all of the distros
that have been shipping kernels with this code for over a year didn't
seem to have any issues.  My systems never had any issues, and so I
can't figure out what suddenly changed to cause problems.

Was it the fact that we all are using distros that use hwdb?  Who does
_not_ use hwdb these days?  Heck, I would have expected Debian to report
problems as they are the ones that are known to use old userspace code
with kernel developers using new kernels.

So what changed to cause the problem recently?

confused,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ