| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <fd65b83abc22587e592a565dd2b326e8eb63f34c.camel@irl.hu> Date: Tue, 18 Nov 2025 09:48:02 +0100 From: Gergo Koteles <soyer@....hu> To: Ricardo Ribalda <ribalda@...omium.org> Cc: Laurent Pinchart <laurent.pinchart@...asonboard.com>, Hans de Goede <hansg@...nel.org>, Mauro Carvalho Chehab <mchehab@...nel.org>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, linux-media@...r.kernel.org, linux-kernel@...r.kernel.org, linux-usb@...r.kernel.org Subject: Re: [PATCH 4/4] media: uvcvideo: Introduce allow_privacy_override Hi Ricardo, On Tue, 2025-11-18 at 07:21 +0100, Ricardo Ribalda wrote: > > Most users expect that the led is always on when the camera is active. > I think the usecases where the led should not be turned on are spooky > or very limited. > Or do most users expect that if a piece of hardware has a setting, they can set it without module parameters? > Even if you use open-source software, when it parses user generated > data, there is a risk for bugs. If there is a bug the only thing > protecting the security of the camera is the membership of the video > group which is a very low barrier. And once you manage to change the > LED behaviour will persist in other unrelated apps. > So this is about what if an attacker accessed my passwords, private keys, OTP tokens, emails, pictures and then couldn't take a fresh picture of me in the dark without an LED? I'm smart as hell and I use a privacy tape anyway ;) I think freedom is worth more than this kind of fear. Gergo
Powered by blists - more mailing lists