From: Greg KH <gregkh@suse.de>
To: Adrian Bunk <bunk@stusta.de>
Cc: chrisw@sous-sol.org, linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [2.6 patch] remove the Root Plug Support sample module
Date: Sat, 22 Apr 2006 14:36:02 -0700 [thread overview]
Message-ID: <20060422213602.GA25500@suse.de> (raw)
In-Reply-To: <20060422085737.GL19754@stusta.de>
On Sat, Apr 22, 2006 at 10:57:37AM +0200, Adrian Bunk wrote:
> On Fri, Apr 21, 2006 at 01:29:18PM -0700, Greg KH wrote:
> >...
> > So, I'd like to keep this in the tree, for as long as the LSM interface
> > sticks around, if possible. It's not hurting anything, and it does work
> > for users, and is a good example starting point for people wanting to
> > use the LSM interface.
> >
> > Unless there are any known security problems with it? If so, please let
> > me know.
>
> Using USB Vendor ID/USB Product ID for identifying an USB device doesn't
> seem to bring real security since:
> - every other device of the same type works as well
> - using an arbitrary USB device with a manipulated
> USB Vendor ID/USB Product ID seems quite possible
>
> It might work as an example, but if people think it would bring them
> real security that's a dangerous misunderstanding.
What it gives people is a level of security for users that do not have
physical access to the machine. If you have access to it, yes, of
course you can plug your own device in with the needed ids.
So, I'd still like to keep it around, unless LSM itself goes away.
thanks,
greg k-h
next prev parent reply other threads:[~2006-04-22 22:04 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-04-21 20:19 [2.6 patch] remove the Root Plug Support sample module Adrian Bunk
2006-04-21 20:22 ` Chris Wright
2006-04-21 20:29 ` Greg KH
2006-04-22 8:57 ` Adrian Bunk
2006-04-22 21:36 ` Greg KH [this message]
2006-04-22 21:50 ` Tony Jones
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060422213602.GA25500@suse.de \
--to=gregkh@suse.de \
--cc=bunk@stusta.de \
--cc=chrisw@sous-sol.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox