[kernel-hardening] Re: [PATCH] Allow userspace control of runtime disabling/enabling of driver probing

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Matthew Garrett <mjg59@coreos.com>
Cc: Kees Cook <keescook@chromium.org>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	"Rafael J. Wysocki" <rjw@rjwysocki.net>,
	Len Brown <len.brown@intel.com>, Pavel Machek <pavel@ucw.cz>,
	Ulf Hansson <ulf.hansson@linaro.org>,
	Mauro Carvalho Chehab <mchehab@kernel.org>,
	Tomeu Vizoso <tomeu.vizoso@collabora.com>,
	Lukas Wunner <lukas@wunner.de>,
	Madalin Bucur <madalin.bucur@nxp.com>,
	Sudip Mukherjee <sudipm.mukherjee@gmail.com>,
	Rasmus Villemoes <linux@rasmusvillemoes.dk>,
	Arnd Bergmann <arnd@arndb.de>,
	Andrew Morton <akpm@linux-foundation.org>,
	Russell King <rmk+kernel@arm.linux.org.uk>,
	Petr Tesarik <ptesarik@suse.com>,
	linux-pm@vger.kernel.org, kernel-hardening@lists.openwall.com
Subject: [kernel-hardening] Re: [PATCH] Allow userspace control of runtime disabling/enabling of driver probing
Date: Wed, 4 Jan 2017 21:47:04 +0100	[thread overview]
Message-ID: <20170104204704.GA17642@kroah.com> (raw)
In-Reply-To: <CAPeXnHs1=jCGtSgOO859bp2chMWBX1L6VaKn65RKoLaTbVq_0A@mail.gmail.com>

On Wed, Jan 04, 2017 at 02:01:00PM -0600, Matthew Garrett wrote:
> On Wed, Jan 4, 2017 at 1:47 PM, Greg Kroah-Hartman
> <gregkh@linuxfoundation.org> wrote:
> > You know the device type and vendor/product id before you authorize it,
> > you should be able to do this type of detection otherwise it seems
> > pretty pointless :)
> 
> You know the vendor and product ID, which doesn't tell you whether one
> of the endpoints is a network device or a keyboard. You need to know
> that.

Are you sure you don't have the configuration information as well?  That
should tell you...

And for network devices, they are almost all just vendor/product ids,
not many use the class protocol.

thanks,

greg k-h

WARNING: multiple messages have this Message-ID (diff)

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Matthew Garrett <mjg59@coreos.com>
Cc: Kees Cook <keescook@chromium.org>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	"Rafael J. Wysocki" <rjw@rjwysocki.net>,
	Len Brown <len.brown@intel.com>, Pavel Machek <pavel@ucw.cz>,
	Ulf Hansson <ulf.hansson@linaro.org>,
	Mauro Carvalho Chehab <mchehab@kernel.org>,
	Tomeu Vizoso <tomeu.vizoso@collabora.com>,
	Lukas Wunner <lukas@wunner.de>,
	Madalin Bucur <madalin.bucur@nxp.com>,
	Sudip Mukherjee <sudipm.mukherjee@gmail.com>,
	Rasmus Villemoes <linux@rasmusvillemoes.dk>,
	Arnd Bergmann <arnd@arndb.de>,
	Andrew Morton <akpm@linux-foundation.org>,
	Russell King <rmk+kernel@arm.linux.org.uk>,
	Petr Tesarik <ptesarik@suse.com>,
	linux-pm@vger.kernel.org, kernel-hardening@lists.openwall.com
Subject: Re: [PATCH] Allow userspace control of runtime disabling/enabling of driver probing
Date: Wed, 4 Jan 2017 21:47:04 +0100	[thread overview]
Message-ID: <20170104204704.GA17642@kroah.com> (raw)
In-Reply-To: <CAPeXnHs1=jCGtSgOO859bp2chMWBX1L6VaKn65RKoLaTbVq_0A@mail.gmail.com>

On Wed, Jan 04, 2017 at 02:01:00PM -0600, Matthew Garrett wrote:
> On Wed, Jan 4, 2017 at 1:47 PM, Greg Kroah-Hartman
> <gregkh@linuxfoundation.org> wrote:
> > You know the device type and vendor/product id before you authorize it,
> > you should be able to do this type of detection otherwise it seems
> > pretty pointless :)
> 
> You know the vendor and product ID, which doesn't tell you whether one
> of the endpoints is a network device or a keyboard. You need to know
> that.

Are you sure you don't have the configuration information as well?  That
should tell you...

And for network devices, they are almost all just vendor/product ids,
not many use the class protocol.

thanks,

greg k-h

next prev parent reply	other threads:[~2017-01-04 20:47 UTC|newest]

Thread overview: 33+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-01-03 22:58 [kernel-hardening] [PATCH] Allow userspace control of runtime disabling/enabling of driver probing Kees Cook
2017-01-03 22:58 ` Kees Cook
2017-01-03 23:34 ` [kernel-hardening] " Rafael J. Wysocki
2017-01-03 23:34   ` Rafael J. Wysocki
2017-01-03 23:38   ` [kernel-hardening] " Kees Cook
2017-01-03 23:38     ` Kees Cook
2017-01-04  1:45     ` [kernel-hardening] " Rafael J. Wysocki
2017-01-04  1:45       ` Rafael J. Wysocki
2017-01-04  1:45       ` Rafael J. Wysocki
2017-01-04  9:32 ` [kernel-hardening] " Greg Kroah-Hartman
2017-01-04  9:32   ` Greg Kroah-Hartman
2017-01-04 18:10   ` [kernel-hardening] " Matthew Garrett
2017-01-04 18:10     ` Matthew Garrett
2017-01-04 18:31     ` [kernel-hardening] " Matthew Garrett
2017-01-04 18:31       ` Matthew Garrett
2017-01-04 19:47       ` [kernel-hardening] " Greg Kroah-Hartman
2017-01-04 19:47         ` Greg Kroah-Hartman
2017-01-04 20:01         ` [kernel-hardening] " Matthew Garrett
2017-01-04 20:01           ` Matthew Garrett
2017-01-04 20:47           ` Greg Kroah-Hartman [this message]
2017-01-04 20:47             ` Greg Kroah-Hartman
     [not found]             ` <CAPeXnHvpp7OkNz=auKXbCPTQcf8NVSmPwz3r89ZckUMQ9Gkf_g@mail.gmail.com>
     [not found]               ` <CAPeXnHtWBkC24D2mHQk7C=dg5-+7N8Z+pZkQWveYmwyutWvigw@mail.gmail.com>
2017-01-04 20:59                 ` [kernel-hardening] " Matthew Garrett
2017-01-04 20:59                   ` Matthew Garrett
2017-01-04 21:53             ` [kernel-hardening] " Matthew Garrett
2017-01-04 21:53               ` Matthew Garrett
2017-01-04 22:05               ` [kernel-hardening] " Matthew Garrett
2017-01-04 22:05                 ` Matthew Garrett
2017-01-04 19:46     ` [kernel-hardening] " Greg Kroah-Hartman
2017-01-04 19:46       ` Greg Kroah-Hartman
2017-01-04 19:59       ` [kernel-hardening] " Matthew Garrett
2017-01-04 19:59         ` Matthew Garrett
2017-01-05  8:13         ` [kernel-hardening] " Tomeu Vizoso
2017-01-05  8:13           ` Tomeu Vizoso

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170104204704.GA17642@kroah.com \
    --to=gregkh@linuxfoundation.org \
    --cc=akpm@linux-foundation.org \
    --cc=arnd@arndb.de \
    --cc=keescook@chromium.org \
    --cc=kernel-hardening@lists.openwall.com \
    --cc=len.brown@intel.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-pm@vger.kernel.org \
    --cc=linux@rasmusvillemoes.dk \
    --cc=lukas@wunner.de \
    --cc=madalin.bucur@nxp.com \
    --cc=mchehab@kernel.org \
    --cc=mjg59@coreos.com \
    --cc=pavel@ucw.cz \
    --cc=ptesarik@suse.com \
    --cc=rjw@rjwysocki.net \
    --cc=rmk+kernel@arm.linux.org.uk \
    --cc=sudipm.mukherjee@gmail.com \
    --cc=tomeu.vizoso@collabora.com \
    --cc=ulf.hansson@linaro.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.