lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1508455899.2274.73.camel@tiscali.nl>
Date:   Fri, 20 Oct 2017 01:31:39 +0200
From:   Paul Bolle <pebolle@...cali.nl>
To:     Thomas Gleixner <tglx@...utronix.de>
Cc:     Linus Torvalds <torvalds@...ux-foundation.org>,
        Kees Cook <keescook@...omium.org>,
        "David S. Miller" <davem@...emloft.net>,
        Karsten Keil <isdn@...ux-pingi.de>,
        Johan Hovold <johan@...nel.org>,
        gigaset307x-common@...ts.sourceforge.net, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH 32/58] isdn/gigaset: Convert timers to use timer_setup()

[CC-ing Linus because I quote him.]

On Fri, 2017-10-20 at 00:28 +0200, Thomas Gleixner wrote:
> Well, that does not explain why
> 
>       drivers->cs + i
> 
> would be corrupted. That would require that this cs -> urb link points at
> driver magically and then wreckages that driver data structure. Might be
> the case, but if so then there are dragons burried somehwere

Let's assume dragons are buried somewhere.

We need users to show us that they met a dragon, right? (I care little about
dragons no-one ever stumbles upon.)

In the explanation of commit 9f5af546e6ac ("isdn/i4l: fix buffer overflow")
Linus added:
    [ ISDN seems to be effectively unmaintained, and the I4L driver in
      particular is long deprecated, but in case somebody uses this..
        - Linus ]

ISDN is pretty niche. So it's no surprise that in mainline it's divided into
three parts: I4L, CAPI, and mISDN.

Arnd Bergmann has suggested more than once to move I4L to staging. (As far as
I know, moving drivers to staging effectively means removing those drivers,
but anyhow.) I'd say we'd just should do that. The stuff has been deemed
deprecated since basically forever.

I never cared about mISDN, but as far as I can see mISDN has quietly left
mainline.

The only actively maintained CAPI drivers are gigaset's drivers. But I'm
afraid maintaining gigaset basically means seeing treewide cleanups fly by and
  keeping the various fuzzers happy. I don't mind, and I could keep on doing
that for years. But still, I'd love to hear someone say: yes, I still care
about mainline ISDN.

Does that person still exists?

Thanks,


Paul Bolle

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ