lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 26 Mar 2019 09:55:09 +0900
From:   Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:     Brian Norris <briannorris@...omium.org>
Cc:     shuah <shuah@...nel.org>, David Valleau <valleau@...omium.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Linux USB Mailing List <linux-usb@...r.kernel.org>,
        Michael Grzeschik <m.grzeschik@...gutronix.de>,
        Valentina Manea <valentina.manea.m@...il.com>,
        Sasha Levin <alexander.levin@...rosoft.com>
Subject: Re: [PATCH] tools: usb: usbip: adding support for older kernel
 versions

On Mon, Mar 25, 2019 at 05:49:07PM -0700, Brian Norris wrote:
> > Not to say that this shouldn't be fixed if at all possible, but realize
> > that this is not the "normal" case of "we do not break userspace" here,
> > given the tool involved, and the apis being used.
> 
> I think I sort of understand what you're going for here, but can you
> elaborate so I don't have to assume?

To be specific, tools at the "very low level" that are used to configure
the kernel for userspace, or to interact with the kernel such that other
programs work on top of things properly (like udev), we have broken apis
such that we can fix issues with old mistakes and move on to more secure
or "correct" apis.

So we do change things at this layer at times, and normally no one
notices as they have moved on to newer userspace programs in the past 3
years.  Sometimes we do keep kernel support for really old userspace
systems, until they die out, and then we can finally drop the kernel
code.  Again, udev has done this over the years as we worked to figure
out a sane way to handle stuff.  We have rolled back kernel changes
until people finally killed their old Fedora 3 ppc32 systems for
example :)

To be honest, with the USB3 support added to usbip, no one noticed that
things broke, and the fact that it took 4 years to notice implies that
maybe it wasn't that big of a deal as no one used this.  But, as you
show, that assumption was not correct, so if we can fix things, we
should.

Did that help?

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ