lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 26 Mar 2019 18:16:15 -0700
From:   Brian Norris <briannorris@...omium.org>
To:     shuah <shuah@...nel.org>
Cc:     David Valleau <valleau@...omium.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Linux USB Mailing List <linux-usb@...r.kernel.org>,
        Michael Grzeschik <m.grzeschik@...gutronix.de>,
        Valentina Manea <valentina.manea.m@...il.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Sasha Levin <alexander.levin@...rosoft.com>
Subject: Re: [PATCH] tools: usb: usbip: adding support for older kernel versions

On Mon, Mar 25, 2019 at 6:59 PM shuah <shuah@...nel.org> wrote:
> 1. I plan to fix the tool to make it run on older kernels (pre-USB 3.0).

Great, thanks! We will probably do something downstream anyway, based
off the work David has done. But it would be great if upstream
supported this too.

> 2. I don't plan to support old tool running on new kernels. It doesn't
> make sense considering the security fixes. You can use the latest on
> older kernels (pre-USB 3.0).

Agreed for sufficiently-old tools. (Say, for instance, before this
year, where it seems we now agree that the interface shouldn't change
unnecessarily.) But eventually, this is an essential part of any
mature interface: that today's tools don't break on tomorrow's kernel.
(And yes, Greg noted that old things must die eventually, esp. for
such low-level stuff, so that might not be true for sufficiently long
values of "tomorrow." But it shouldn't be taken lightly.)

I think we already more or less agreed on that, but in case we didn't,
I want to make the disagreement clear.

> 3. I am going to assume you are *using* the latest stable kernels that
> have the security fixes.

That's a reasonable assumption. It's not necessarily a true one (prior
to 4.4, where we started taking that seriously), but where it's not
true, it's our problem not yours.

Thanks,
Brian

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ