| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <21db8884-5aa1-3971-79ef-f173a0a95bef@linux.intel.com>
Date: Thu, 5 Aug 2021 10:58:46 -0700
From: Andi Kleen <ak@...ux.intel.com>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Kuppuswamy Sathyanarayanan
<sathyanarayanan.kuppuswamy@...ux.intel.com>,
"Rafael J . Wysocki" <rafael@...nel.org>,
Jonathan Corbet <corbet@....net>,
Dan Williams <dan.j.williams@...el.com>,
Kuppuswamy Sathyanarayanan <knsathya@...nel.org>,
linux-kernel@...r.kernel.org, linux-doc@...r.kernel.org
Subject: Re: [PATCH v1] driver: base: Add driver filter support
On 8/5/2021 10:51 AM, Greg Kroah-Hartman wrote:
>
> It's controlled by whatever you want to use in userspace. usbguard has
> been handling this logic in userspace for over a decade now just fine.
So how does that work with builtin USB drivers? Do you delay the USB
binding until usbguard starts up?
>
>> This doesn't help us handle builtin drivers that initialize before user
>> space is up.
> Then have the default setting for your bus be "unauthorized" like we
> allow for some busses today.
We need some early boot drivers, just not all of them. For example in
your scheme we would need to reject all early platform drivers, which
would break booting. Or allow all early platform drivers, but then we
exactly get into the problem that there are far too many of them to
properly harden.
> There is a platform bus, it's just a fake one. The platform bus code
> does the binding just like any other bus does, why is platform somehow
> "special"? Except for how it is abused...
For once it's usually all initialized early, so there's no way for user
space to do anything.
-andi
Powered by blists - more mailing lists