From: Nigel Cunningham <ncunningham@crca.org.au>
To: Jonathan Brossard <jonathan@iviztechnosolutions.com>
Cc: ncunningham@users.sourceforge.net, chabaud@users.sourceforge.net,
bernardb@users.sourceforge.net, seasons@users.sourceforge.net,
techteam@ivizindia.com,
"cer >> \"CERT(R) Coordination Center\"" <cert@cert.org>,
mhfl@users.sourceforge.net,
linux-pm <linux-pm@lists.linux-foundation.org>,
Jonathan Brossard <jonathan@ivizindia.com>
Subject: Re: Vulnerability in Software Suspend 2 (all versions)
Date: Mon, 28 Jul 2008 19:40:46 +1000
Message-ID: <1217238046.8430.154.camel@nigel-laptop>
In-Reply-To: <488D89A8.2050101@iviztechnosolutions.com>

Hi.

On Mon, 2008-07-28 at 14:26 +0530, Jonathan Brossard wrote:
> Dear Nigel,
>
> >Why do you think I'm in Switzerland? I'm actually a New Zealander,
> >living in Australia.
>
> Nothing against Aussies, the project was once upon a time hosted at the federal school
> of Lausanne, which afaik is in Switzerland...

Ah, okay. Now I'm with you. Yeah, the original author was Gabor Kuti.
After Gabor, Florent took over and then I took over from Florent. Gabor
and Florent have contributed for about 5 years, as far as I recall.

> >Okay. As mentioned in the previous reply, I don't think this is a bug
> >with TuxOnIce itself. If a BIOS data area needs clearing during resume,
> >I would suggest that something like the ACPI device driver should be
> >doing that, because if the memory needs clearing, it should need
> >clearing irrespective of whether you've hibernated or not.
>
> Ok. I gave you the exploit. I gave you the explanation. I gave you the fix.
> Now, if you don't want to face the truth that you have a problem (why don't
> you just test the exploit?) because you don't know how to use the BIOS API
> safely, that's fine: don't fix it, I don't really care.

I understand what you're saying, but I disagree with your diagnosis as
to where the problem lies. If you're talking about a password for
encrypted swap not being cleared (you haven't said what password you're
talking about yet), then the problem is with the program that's asking
you for the password, or the program that's using it (dmsetup?). The
TuxOnIce kernel patch doesn't ask for passwords or know anything about
where in memory passwords might be stored.

I'm a little confused by the fact that you're mentioning BIOS data and
TuxOnIce asking for a password. Are you talking about some buffer from
the BIOS that keypresses are stored in prior to being consumed by the
kernel's input driver (oh yeah, the kernel _is_ running when TuxOnIce
starts)? If that's the case, your bug should perhaps be filed against
the input driver.

> Between: Can I quote you at my Defcon presentation?

Can we leave that question until we've sorted out what we're talking
about? I'm not at all unwilling to deal with a problem, but right now
I'm still trying to get clear in my head what the issue is.

Regards,
Nigel