> When I last touched the capi code, I tried to remove it all, but we then
> left it in the kernel because the bluetooth cmtp code can still theoretically
> use it.
>
> May I ask how you managed to run into this? Did you find the bug through
> inspection first and then produce it using cmtp, or did you actually use
> cmtp?
I fuzz the bluez system and find a crash to analyze it and reproduce it.
> If the only purpose of cmtp is now to be a target for exploits, then I
> would suggest we consider removing both cmtp and capi for
> good after backporting your fix to stable kernels. Obviously
> if it turns out that someone actually uses cmtp and/or capi, we
> should not remove it.
>
Yes, I think this should be feasible.
Regards
butt3rflyh4ck.
--
Active Defense Lab of Venustech
Hi, I make a patch for this issue.
Regards,
butt3rflyh4ck.
On Fri, Sep 24, 2021 at 6:02 PM butt3rflyh4ck
<[email protected]> wrote:
>
> > When I last touched the capi code, I tried to remove it all, but we then
> > left it in the kernel because the bluetooth cmtp code can still theoretically
> > use it.
> >
> > May I ask how you managed to run into this? Did you find the bug through
> > inspection first and then produce it using cmtp, or did you actually use
> > cmtp?
>
> I fuzz the bluez system and find a crash to analyze it and reproduce it.
>
> > If the only purpose of cmtp is now to be a target for exploits, then I
> > would suggest we consider removing both cmtp and capi for
> > good after backporting your fix to stable kernels. Obviously
> > if it turns out that someone actually uses cmtp and/or capi, we
> > should not remove it.
> >
> Yes, I think this should be feasible.
>
> Regards
> butt3rflyh4ck.
>
>
> --
> Active Defense Lab of Venustech
--
Active Defense Lab of Venustech