On Fri, Mar 02, 2007 at 04:29:57PM -0800, Greg KH wrote: > On Sat, Mar 03, 2007 at 01:27:07AM +0100, Oleg Verych wrote: > > > > If you can proof that it doesn't influence kernel's control above system > > hardware. Ironically such stuff in the userspace can give additional > > intrusion way to the kernel. > > Do you know of any way to use the firmware interface to the kernel for > intrusion? If so, please let us know and we will fix it. > > Otherwise, baseless speculation doesn't help out anyone.
This is not baseless for a particular distro scripts/directories/firmware files. Chain of trust between user and kernel includes on only kernel developers. A way straight to the kernel _is_ there and it's provided by userspace firmware loader. And only you can do is accept a thing much like as signing firmwares (similar to posted patch to sign modules :). So if you are accepting a firmware into the kernel, watch closely how it's being used. Tracking static symbols vs. buffer's content from request_firmware() can be harder, i think. _____ ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ linux-usb-devel@lists.sourceforge.net To unsubscribe, use the last form field at: https://lists.sourceforge.net/lists/listinfo/linux-usb-devel
