lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <523DBCE4.1060903@linux-pingi.de>
Date:	Sat, 21 Sep 2013 17:36:04 +0200
From:	Karsten Keil <kkeil@...ux-pingi.de>
To:	Jiri Slaby <jslaby@...e.cz>
CC:	David Miller <davem@...emloft.net>, ben@...adent.org.uk,
	akpm@...ux-foundation.org, jeffm@...e.com, netdev@...r.kernel.org,
	isdn4linux@...pen.de, isdn@...ux-pingi.de,
	sergei.shtylyov@...entembedded.com
Subject: Re: [patch 2/4] mISDN: add support for group membership check

Hi Jiri,

thanks for bringing up this this issue again and sorry for not jumping
in earlier.

Am 20.09.2013 18:30, schrieb Jiri Slaby:
> On 09/20/2013 06:21 PM, David Miller wrote:
>> From: Jiri Slaby <jslaby@...e.cz>
>> Date: Fri, 20 Sep 2013 18:18:02 +0200
>>
>>> Ok, let's leave the hole in there then.
>>
>> Jiri, don't turn this on me.
>>
>> The issue is not whether something needs to be fixed or not, I never
>> said "don't fix this" and therefore I'd like to ask politely that you
>> not make it seem like I have.
>>
>> Rather, I'm saying that the implementation is terrible, sets a bad
>> precendence for fixing similar problems, and therefore not is in
>> a state where we can apply it.

OK, the history of this this patch is, that the somebody came up with
the issue, that with the old device node implementation it was simple to
restrict access to a group via standard unix file access rules to avoid
normal users could use ISDN to sniff the bus or even worst for the owner
make high cost calls.
Then somebody came up with this idea, which did allow a similar level of
protection. I did not like it very much nor I had a better idea, SuSE
security people did want it, so it was implemented. I never tried to
push it.

>>
>> So, I'm not saying "don't fix this", I'm saying "fix it properly."
> 

David, since you mention that here are maybe other drivers with same
issues, do you have an idea about a better interface or maybe a
completely other way which could be used to restrict the access to some
group of users.

> Yeah, I understand your point and agree, that the parameter is ugly as
> hell. But investing any more time in ISDN is not worth it, I think.
> Look, I sent the patch a couple times to the ISDN maintainers and they
> didn't even bother to reply. And I am not familiar with the code and do
> not want to spend more time than putting there a single check, sorry.
> Hence, if there is anybody from the ISDN fellows to take care of that,
> nice. If not, we will just live with this patch locally some more years
> and drop it when the ISDN subsystem is dropped from the kernel, if
> dropped at all.



--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ