From: devzero@web.de
To: Pavel Machek <pavel@suse.cz>
Cc: linux-kernel@vger.kernel.org
Subject: Re: odd habits with binary blobs.....
Date: Sun, 07 Dec 2008 18:13:52 +0100
Message-ID: <534120846@web.de>

>>On Wed 2008-12-03 22:40:51, devzero@web.de wrote:
>> hello, 
>> 
>> i gave r1soft`s new/free "hot copy" a try today and .... failed:
>> 
>> vserver2:/tmp/usr/sbin # ./hcp-setup
>> Gathering kernel information
>> Gathering kernel information complete.
>> Error: A network error occurred connecting to 'kmod32.r1soft.com'
>> 
>> what a pain....trying to setup a linux kernel module, the installer wants to phone
>> home - and fails.
>> but it`s even worse - http://wiki.r1soft.com/display/LTR1D/hcp-setup tells:
>> 
>> BUILDING HOT COPY DRIVER FROM SOURCE
>> 
>> hcp-setup will tar up your kernel source tree or headers and upload them to an
>> R1Soft build server over HTTPS using XML-RPC. Once your system's kernel headers or
>> source have been uploaded the R1Soft build server will compile a Hot Copy device
>> driver as a kernel module and hcp-setup will automatically download it to your
>> system.
>> In order for hcp-setup to work your Linux server must have HTTPS Internet access to
>> kmod32.r1soft.com (32-bit systems) and kmod64.r1soft.com (64-bit systems)
>> 
>> how weird is THAT?
>> 
>> did anybody ever come across such "build binary blobs remotely" system ?
>> 
>> 
>> ok, disqualified.  won`t touch it again, as i also don`t know what REALLY is
>> transferred to the vendor - but i wonder what kernel devs think about such build
>> system and what in-kernel alternative exists for this. (i think it doesn`t exist -
>> but maybe somebody working on that ?)

>Hmm. Gcc was not really designed to prevent .c source from exploiting
>it.
>
>So I guess you could have some phun :-).
>
>									Pavel

I already thought of that.
but isn`t it not just a matter of gcc exploitability ?
what about uploading specially crafted makefiles, setup-scripts or kernel-source 
containing backdoors.....?

besides hacking into the build servers - the problem i see is that other users download
binary code from such a potentially compromised system and/or may download
kernel-modules which could (!?) contain binary code compiled from untrusted source code....
maybe BugTraq ML is a better place to discuss.....

roland
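
The point raised in this message, that an uploaded kernel source tree can carry build logic (makefiles, setup scripts) and not only C code, can be seen by listing what a build service would have to treat as executable input. The sketch below is an example added here, not part of the original post and not R1Soft's code; `audit_upload`, `build_sample` and the sample tarball are hypothetical and constructed for illustration. Every real kernel tree contains Makefiles, so the output is a review list showing why such a build has to run in a disposable sandbox, not a verdict that a tree is safe.

```python
import io
import tarfile
from pathlib import PurePosixPath

# Files the kernel build system executes or interprets, not just compiles.
BUILD_LOGIC = {"Makefile", "Kbuild", "Kconfig"}
SCRIPT_SUFFIXES = {".sh", ".pl", ".py", ".mk"}

def audit_upload(tar_bytes):
    """Hypothetical pre-build triage: list (member, reason) pairs to review."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        for m in tar.getmembers():  # inspect metadata only, never extract
            path = PurePosixPath(m.name)
            if path.is_absolute() or ".." in path.parts:
                findings.append((m.name, "path escapes extraction directory"))
            if m.issym() or m.islnk():
                target = PurePosixPath(m.linkname)
                if target.is_absolute() or ".." in target.parts:
                    findings.append((m.name, "link points outside the tree"))
            elif m.isdev():  # character/block device or FIFO
                findings.append((m.name, "special file"))
            elif m.isfile():
                if path.name in BUILD_LOGIC or path.suffix in SCRIPT_SUFFIXES:
                    findings.append((m.name, "runs during the build"))
                elif m.mode & 0o111:
                    findings.append((m.name, "executable bit set"))
    return findings

def build_sample():
    """Constructed tarball standing in for an uploaded header tree."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add(name, data=b"", mode=0o644, link=None):
            info = tarfile.TarInfo(name)
            info.mode = mode
            if link is not None:
                info.type, info.linkname = tarfile.SYMTYPE, link
                tar.addfile(info)
            else:
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
        add("linux/include/linux/fs.h", b"/* header */\n")
        add("linux/Makefile", b"all:\n\t@true\n")
        add("linux/scripts/setup.sh", b"#!/bin/sh\n", mode=0o755)
        add("linux/include/asm", link="/etc")
        add("../outside.h")
    return buf.getvalue()
```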