| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 21 Sep 2013 17:36:04 +0200 From: Karsten Keil <kkeil@...ux-pingi.de> To: Jiri Slaby <jslaby@...e.cz> CC: David Miller <davem@...emloft.net>, ben@...adent.org.uk, akpm@...ux-foundation.org, jeffm@...e.com, netdev@...r.kernel.org, isdn4linux@...pen.de, isdn@...ux-pingi.de, sergei.shtylyov@...entembedded.com Subject: Re: [patch 2/4] mISDN: add support for group membership check Hi Jiri, thanks for bringing up this this issue again and sorry for not jumping in earlier. Am 20.09.2013 18:30, schrieb Jiri Slaby: > On 09/20/2013 06:21 PM, David Miller wrote: >> From: Jiri Slaby <jslaby@...e.cz> >> Date: Fri, 20 Sep 2013 18:18:02 +0200 >> >>> Ok, let's leave the hole in there then. >> >> Jiri, don't turn this on me. >> >> The issue is not whether something needs to be fixed or not, I never >> said "don't fix this" and therefore I'd like to ask politely that you >> not make it seem like I have. >> >> Rather, I'm saying that the implementation is terrible, sets a bad >> precendence for fixing similar problems, and therefore not is in >> a state where we can apply it. OK, the history of this this patch is, that the somebody came up with the issue, that with the old device node implementation it was simple to restrict access to a group via standard unix file access rules to avoid normal users could use ISDN to sniff the bus or even worst for the owner make high cost calls. Then somebody came up with this idea, which did allow a similar level of protection. I did not like it very much nor I had a better idea, SuSE security people did want it, so it was implemented. I never tried to push it. >> >> So, I'm not saying "don't fix this", I'm saying "fix it properly." > David, since you mention that here are maybe other drivers with same issues, do you have an idea about a better interface or maybe a completely other way which could be used to restrict the access to some group of users. > Yeah, I understand your point and agree, that the parameter is ugly as > hell. But investing any more time in ISDN is not worth it, I think. > Look, I sent the patch a couple times to the ISDN maintainers and they > didn't even bother to reply. And I am not familiar with the code and do > not want to spend more time than putting there a single check, sorry. > Hence, if there is anybody from the ISDN fellows to take care of that, > nice. If not, we will just live with this patch locally some more years > and drop it when the ISDN subsystem is dropped from the kernel, if > dropped at all. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists