| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 24 Mar 2014 10:35:37 -0700 From: Alon Nafta <alon@...vatecore.com> To: David Miller <davem@...emloft.net> Cc: David Laight <David.Laight@...lab.com>, netdev <netdev@...r.kernel.org>, Grant Grundler <grantgrundler@...il.com> Subject: Re: [PATCH 1/4 V2] Ethernet drivers in 3.14-rc3 kernel: fix 3 buffer overflows triggered by hardware devices Hi David, I'm separating between HW misbehavior, and driver bugs than can lead to code execution. Similar checks for this exact field are well protected in other drivers, including the most common ones. Moreover, a system can be protected from malicious HW, and in fact doesn't have to trust HW at all (except for the CPU obviously). On Mon, Mar 24, 2014 at 10:17 AM, David Miller <davem@...emloft.net> wrote: > From: Alon Nafta <alon@...vatecore.com> > Date: Mon, 24 Mar 2014 09:41:21 -0700 > >> In regards to your comment about hardware-induced problems, from a >> holistic point of view, IMHO any buffer overflow should get fixed. > > I completely disagree with you. > > If we had to accomodate every possible arbitrary mis-behavior of > hardware, the drivers would be so bloated as to be nearly unusable. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists