On Sat, Mar 03, 2007 at 01:56:31AM +0100, Oleg Verych wrote: > On Fri, Mar 02, 2007 at 04:29:57PM -0800, Greg KH wrote: > > On Sat, Mar 03, 2007 at 01:27:07AM +0100, Oleg Verych wrote: > > > > > > If you can proof that it doesn't influence kernel's control above system > > > hardware. Ironically such stuff in the userspace can give additional > > > intrusion way to the kernel. > > > > Do you know of any way to use the firmware interface to the kernel for > > intrusion? If so, please let us know and we will fix it. > > > > Otherwise, baseless speculation doesn't help out anyone. > > This is not baseless for a particular distro > scripts/directories/firmware files. Chain of trust between user and > kernel includes on only kernel developers. > > A way straight to the kernel _is_ there and it's provided by userspace > firmware loader. And only you can do is accept a thing much like as > signing firmwares (similar to posted patch to sign modules :).
No, the way is to control the device, not the kernel directly. Unless you can somehow control the kernel through the device itself, a vector that is not impossible, but very difficult. Although with network devices using firmware, the simple ability to snoop the traffic might be enough :) thanks, greg k-h ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ linux-usb-devel@lists.sourceforge.net To unsubscribe, use the last form field at: https://lists.sourceforge.net/lists/listinfo/linux-usb-devel
