2014-01-12 17:59:44

by Stefan Richter

[permalink] [raw]
Subject: Re: security review needed - Re: [PATCH] ohci: Turn remote DMA support into a module parameter

On Dec 23 Stefan Richter wrote:
> On Dec 22 Lubomir Rintel wrote:
> > This makes it possible to debug kernel over FireWire without the need to
> > recompile it.
> >
> > Cc: Stefan Richter <[email protected]>
> > Cc: Dave Hansen <[email protected]>
> > Signed-off-by: Lubomir Rintel <[email protected]>
>
> Looks good to me. A load-time option is preferable over a compile-time
> option not only from the POV of the debugging use case, but also from the
> maintenance POV.
>
> It weakens security in two scenarios though, AFAICS:
>
> A)
> - There are firewire-ohci and firewire-sbp2 installed on the machine,
> - the attacker cannot upload code
> - but can load kernel modules
> - and has physical access to a 1394 port
> - and is not able to run a minimal SBP-2 target on the remote 1394 end.
>
> B)
> - There is firewire-ohci but not firewire-sbp2 installed on the machine,
> - the attacker cannot upload code
> - but can load kernel modules
> - and has physical access to a 1394 port.
>
> (In both scenarios, the attacker additionally has to be able to /un/load
> kernel modules if firewire-ohci was loaded already before the attack.)
>
> That's both quite specific. Hence the security impact of this patch is
> negligible in my opinion. Any other opinions or insights into it?

Since there were no objections, I committed it to linux1394.git master
and for-next now.
--
Stefan Richter
-=====-====- ---= -==--
http://arcgraph.de/sr/