lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1220910837.11655.28.camel@californication>
Date:	Mon, 08 Sep 2008 23:53:57 +0200
From:	Marcel Holtmann <marcel@...tmann.org>
To:	"David S. Miller" <davem@...emloft.net>
Cc:	netdev@...r.kernel.org
Subject: Bluetooth fixes for 2.6.27

Hi Dave,

I do have three additional fixes for the Bluetooth subsystem that should
go into the 2.6.27 release. After the heated discussion, I really wanted
not to bother you until the next merge window, but from my perspective
all three patches fall in the regression or security fix category. That
is my personal view on these and feel free to disagree.

The first patch is a clear regression that got introduced with
2.6.27-rc1 when adding Simple Pairing support. I forgot to decrease the
reference count on an incoming ACL link. This patch actually makes the
code simpler.

The second patch fixes the authentication requirements. We do have to
separate between service discovery and actual profile channels. This is
a clear requirement of the Bluetooth Security Mode 4 introduced with the
addition of the Simple Pairing support. Not fixing this will result in
broken behavior when doing service discovery with Simple Pairing enabled
devices.

The third patch rejects insecure incoming connections. This is a clear
security issues since we can't rely on the initiator doing the right
thing and establishing an encrypted link. Malicious devices would just
skip that step and in that case we have to reject connection attempt
without going into the connection phase at all.

I tried to put detailed information into the commit messages to make it
clear why I submitted these patches in the -rc phase.

We do have one suspend/resume regression with the btusb driver that I
like to see fixed, but the fix would require new USB core functionality.
I am not sure if that happens in the 2.6.27 timeframe. I will check with
Oliver if we can come up with a patch that works with the current
kernel.

Regards

Marcel


Please pull from

    git://git.kernel.org/pub/scm/linux/kernel/git/holtmann/bluetooth-2.6.git master

This will update the following files:

 include/net/bluetooth/hci_core.h |    3 ++-
 net/bluetooth/af_bluetooth.c     |    2 +-
 net/bluetooth/hci_conn.c         |   21 ++++++++++++++++++---
 net/bluetooth/hci_event.c        |   11 ++++-------
 net/bluetooth/l2cap.c            |   34 ++++++++++++++++++++++++++++------
 net/bluetooth/sco.c              |    2 +-
 6 files changed, 54 insertions(+), 19 deletions(-)

through these ChangeSets:

Marcel Holtmann (3):
    [Bluetooth] Fix reference counting during ACL config stage
    [Bluetooth] Enforce correct authentication requirements
    [Bluetooth] Reject L2CAP connections on an insecure ACL link


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ