Am Samstag, 3. März 2007 01:29 schrieb Greg KH:
> On Sat, Mar 03, 2007 at 01:27:07AM +0100, Oleg Verych wrote:
> >
> > If you can proof that it doesn't influence kernel's control above system
> > hardware. Ironically such stuff in the userspace can give additional
> > intrusion way to the kernel.
>
> Do you know of any way to use the firmware interface to the kernel for
> intrusion? If so, please let us know and we will fix it.
If you can determine firmware for a block device whose filesystem is
then mounted with suid allowed or whose files root runs, you've rooted
the box.
Firmware needs the same level of protection as kernel modules on disk. This
is a basic feature of the system and can't be avoided. If you are paranoid
enough to compile your kernel without module loading, you also have
to disable firmware loading for block (and net due to nfs/cifs) devices.
Regards
Oliver
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
linux-usb-devel@lists.sourceforge.net
To unsubscribe, use the last form field at:
https://lists.sourceforge.net/lists/listinfo/linux-usb-devel
