From: Stefan Richter <stefanr@s5r6.in-berlin.de>
To: Stefan Richter <stefanr@s5r6.in-berlin.de>
Cc: Lubomir Rintel <lkundrak@v3.sk>,
linux-kernel@vger.kernel.org,
linux1394-devel@lists.sourceforge.net,
Dave Hansen <dave.hansen@linux.intel.com>,
security@kernel.org
Subject: Re: security review needed - Re: [PATCH] ohci: Turn remote DMA support into a module parameter
Date: Sun, 12 Jan 2014 18:59:21 +0100 [thread overview]
Message-ID: <20140112185921.3753b042@stein> (raw)
In-Reply-To: <20131223172021.2c8a8f48@stein>
On Dec 23 Stefan Richter wrote:
> On Dec 22 Lubomir Rintel wrote:
> > This makes it possible to debug kernel over FireWire without the need to
> > recompile it.
> >
> > Cc: Stefan Richter <stefanr@s5r6.in-berlin.de>
> > Cc: Dave Hansen <dave.hansen@linux.intel.com>
> > Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
>
> Looks good to me. A load-time option is preferable over a compile-time
> option not only from the POV of the debugging use case, but also from the
> maintenance POV.
>
> It weakens security in two scenarios though, AFAICS:
>
> A)
> - There are firewire-ohci and firewire-sbp2 installed on the machine,
> - the attacker cannot upload code
> - but can load kernel modules
> - and has physical access to a 1394 port
> - and is not able to run a minimal SBP-2 target on the remote 1394 end.
>
> B)
> - There is firewire-ohci but not firewire-sbp2 installed on the machine,
> - the attacker cannot upload code
> - but can load kernel modules
> - and has physical access to a 1394 port.
>
> (In both scenarios, the attacker additionally has to be able to /un/load
> kernel modules if firewire-ohci was loaded already before the attack.)
>
> That's both quite specific. Hence the security impact of this patch is
> negligible in my opinion. Any other opinions or insights into it?
Since there were no objections, I committed it to linux1394.git master
and for-next now.
--
Stefan Richter
-=====-====- ---= -==--
http://arcgraph.de/sr/
prev parent reply other threads:[~2014-01-12 17:59 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-12-22 10:34 [PATCH] ohci: Turn remote DMA support into a module parameter Lubomir Rintel
2013-12-23 16:20 ` security review needed - " Stefan Richter
2014-01-12 17:59 ` Stefan Richter [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140112185921.3753b042@stein \
--to=stefanr@s5r6.in-berlin.de \
--cc=dave.hansen@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux1394-devel@lists.sourceforge.net \
--cc=lkundrak@v3.sk \
--cc=security@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.