Re: [kernel-hardening] 2015 kernel CVEs
From: Ben Hutchings
Date: Wed Jan 20 2016 - 12:05:57 EST
On Tue, 2016-01-19 at 09:54 -0800, Greg KH wrote:
> On Tue, Jan 19, 2016 at 04:32:08PM +0000, Ben Hutchings wrote:
> > As for USB descriptors, I'm somewhat more hopeful about hardening. ÂAt
> > the same time, it seems like it should be practical to put more low-
> > performance USB drivers into userspace.
> What drivers do we currently have in the kernel that should/could be
> done in userspace instead?ÂÂI'll gladly drop them from the tree.
An obvious example would be HID drivers. Â(I'll grant you that putting
those in user-space would complicate the boot process when a disk
encryption passphrase is needed.)
> And yes, we need to do better about handling crazy USB descriptors, I
> think the majority of this work is already done, but it takes
> hand-auditing to verify it :(
The program is absolutely right; therefore, the computer must be wrong.
Description: This is a digitally signed message part