lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CANiDSCs7mdMmCxho+u=DC53kCaUTq05htzpV2=_NEkvq0U0pOw@mail.gmail.com>
Date: Tue, 18 Nov 2025 07:21:01 +0100
From: Ricardo Ribalda <ribalda@...omium.org>
To: Gergo Koteles <soyer@....hu>
Cc: Laurent Pinchart <laurent.pinchart@...asonboard.com>, Hans de Goede <hansg@...nel.org>, 
	Mauro Carvalho Chehab <mchehab@...nel.org>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, 
	linux-media@...r.kernel.org, linux-kernel@...r.kernel.org, 
	linux-usb@...r.kernel.org
Subject: Re: [PATCH 4/4] media: uvcvideo: Introduce allow_privacy_override

On Mon, 17 Nov 2025 at 22:10, Gergo Koteles <soyer@....hu> wrote:
>
> Hi Ricardo,

Hi Gergo

>
> On Mon, 2025-11-17 at 20:14 +0000, Ricardo Ribalda wrote:
> > +     if (uvc_is_privacy_mapping(xmap) && !uvc_allow_privacy_override_param) {
> > +             pr_warn_once("uvcvideo: Privacy related controls can only be mapped if param allow_privacy_override is true\n");
> > +             return -EINVAL;
> > +     }
> > +
>
> To really prevent the LED from being turned off, it should also be
> added to uvc_xu_ctrl_query.

Will add in in v2. Thanks.

I wanted to get the ball rolling first :)

>
> But why has it become so important after 10+ years that it cannot be
> turned off on Linux? What has changed?
> The majority of users use open-source software, they can view the
> source at any time.

Most users expect that the led is always on when the camera is active.
I think the usecases where the led should not be turned on are spooky
or very limited.

Even if you use open-source software, when it parses user generated
data, there is a risk for bugs. If there is a bug the only thing
protecting the security of the camera is the membership of the video
group which is a very low barrier. And once you manage to change the
LED behaviour will persist in other unrelated apps.

With the current proposal you need to actively enable the
privacy_override_param, which typically requires root access.

Regards!


>
>
> Gergo



-- 
Ricardo Ribalda

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ