| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200701105714.GA2098169@kroah.com>
Date: Wed, 1 Jul 2020 12:57:14 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: Pavel Machek <pavel@...x.de>
Cc: Jesse Barnes <jsbarnes@...gle.com>,
Rajat Jain <rajatja@...gle.com>,
Rajat Jain <rajatxjain@...il.com>,
Bjorn Helgaas <helgaas@...nel.org>,
"Raj, Ashok" <ashok.raj@...el.com>,
"Krishnakumar, Lalithambika" <lalithambika.krishnakumar@...el.com>,
Bjorn Helgaas <bhelgaas@...gle.com>,
linux-pci <linux-pci@...r.kernel.org>,
Mika Westerberg <mika.westerberg@...ux.intel.com>,
Jean-Philippe Brucker <jean-philippe@...aro.org>,
Prashant Malani <pmalani@...gle.com>,
Benson Leung <bleung@...gle.com>,
Todd Broch <tbroch@...gle.com>,
Alex Levin <levinale@...gle.com>,
Mattias Nissler <mnissler@...gle.com>,
Zubin Mithra <zsm@...gle.com>,
Bernie Keany <bernie.keany@...el.com>,
Aaron Durbin <adurbin@...gle.com>,
Diego Rivas <diegorivas@...gle.com>,
Duncan Laurie <dlaurie@...gle.com>,
Furquan Shaikh <furquan@...gle.com>,
Christian Kellner <christian@...lner.me>,
Alex Williamson <alex.williamson@...hat.com>,
Joerg Roedel <joro@...tes.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [RFC] Restrict the untrusted devices, to bind to only a set of
"whitelisted" drivers
On Wed, Jul 01, 2020 at 10:47:50AM +0200, Pavel Machek wrote:
> Hi!
>
> > > We normally trust the hardware NOT to be malicious. (Because if hacker
> > > has physical access to hardware and lot of resources, you lost).
> >
> > That is what we originally thought, however the world has changed and we
> > need to be better about this, now that it is trivial to create a "bad"
> > device.
>
> I'm not disagreeing.
>
> > > This is still true today, but maybe trusting USB devices is bad idea,
> > > so drivers are being cleaned up. PCI drivers will be WORSE in this
> > > regard. And you can't really protect against malicious CPU, and it is
> > > very very hard to protect against malicous RAM (probably not practical
> > > without explicit CPU support).
> > >
> > > Linux was designed with "don't let hackers near your hardware" threat
> > > model in mind.
> >
> > Yes, it originally was designed that way, but again, the world has
> > changed so we have to change with it. That is why USB has for a long
> > time now, allowed you to not bind drivers to devices that you do not
> > "trust", and that trust can be determined by userspace. That all came
> > about thanks to the work done by the wireless USB spec people and kernel
> > authors, which showed that maybe you just don't want to trust any device
> > that comes within range of your system :)
>
> Again, not disagreeing; but note the scale here.
>
> It is mandatory to defend against malicious wireless USB devices.
Turns out there are no more wireless USB devices in the world, and the
code for that is gone from Linux :)
> We probably should work on robustness against malicious USB devices.
We are, and do have, that support today.
> Malicious PCI-express devices are lot less of concern.
Not really, they are a lot of concern to some people. Valid attacks are
out there today, see the thunderbolt attacks that numerous people have
done and published recently and for many years.
> Defending against malicious CPU/RAM does not make much sense.
That's what the spectre and rowhammer fixes have been for :)
thanks,
greg k-h
Powered by blists - more mailing lists