lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 31 May 2022 08:25:26 -0700
From:   Prasad Sodagudi <quic_psodagud@...cinc.com>
To:     <linux-spi@...r.kernel.org>, <linux-i2c@...r.kernel.org>,
        <broonie@...nel.org>, <wsa@...nel.org>
CC:     <linux-kernel@...r.kernel.org>
Subject: [Query] Looking for comments on CONFIG_SPI_SPIDEV and
 CONFIG_I2C_CHARDEV interfaces security

Hi All,

I am working on an IoT solution and would like to understand security 
impact of these two CONFIG_SPI_SPIDEV and CONFIG_I2C_CHARDEV interfaces 
of Linux. If a driver is developed from userspace for  /dev/spiX.Y or 
/dev/i2c interfaces,  are there any security concerns ?

Userspace driver is to control external SPI slave on board. I heard that 
these interfaces allows access to any of these type of devices on board. 
  How to avoid accessing any of these type of unwanted device access 
from userspace ?  Can Selinux or any mechanism control access to other 
these type of devices from user-space ?

Please share your comments/findings on these two interfaces related to 
security. If community had posted any security related discussions with 
these interfaces, please share details to improve understanding.

-Thanks, Prasad

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ