Re: [PATCH] Allow userspace control of runtime disabling/enabling of driver probing

On 4 January 2017 at 20:59, Matthew Garrett wrote: > On Wed, Jan 4, 2017 at 1:46 PM, Greg Kroah-Hartman > wrote: >> On Wed, Jan 04, 2017 at 12:10:04PM -0600, Matthew Garrett wrote: >>> On Wed, Jan 4, 2017 at 3:32 AM, Greg Kroah-Hartman >>>

Re: [PATCH] Allow userspace control of runtime disabling/enabling of driver probing

On 4 January 2017 at 20:59, Matthew Garrett wrote: > On Wed, Jan 4, 2017 at 1:46 PM, Greg Kroah-Hartman > wrote: >> On Wed, Jan 04, 2017 at 12:10:04PM -0600, Matthew Garrett wrote: >>> On Wed, Jan 4, 2017 at 3:32 AM, Greg Kroah-Hartman >>> wrote: >>> > Turning on and off at random times "new

Re: [PATCH] Allow userspace control of runtime disabling/enabling of driver probing

On Wed, Jan 4, 2017 at 3:53 PM, Matthew Garrett wrote: > usb_choose_configuration() hasn't been called at this point, so no - > we don't create any device entries, so there's no way for userspace to > know anything (there isn't even a uevent on device plug). And even if > you

Re: [PATCH] Allow userspace control of runtime disabling/enabling of driver probing

On Wed, Jan 4, 2017 at 3:53 PM, Matthew Garrett wrote: > usb_choose_configuration() hasn't been called at this point, so no - > we don't create any device entries, so there's no way for userspace to > know anything (there isn't even a uevent on device plug). And even if > you could scrape the

Re: [PATCH] Allow userspace control of runtime disabling/enabling of driver probing

Ugh let's try that again in plain text (How does the Android gmail client still not get this right‽) On Wed, Jan 4, 2017 at 2:47 PM, Greg Kroah-Hartman wrote: > On Wed, Jan 04, 2017 at 02:01:00PM -0600, Matthew Garrett wrote: >> On Wed, Jan 4, 2017 at 1:47 PM, Greg

Re: [PATCH] Allow userspace control of runtime disabling/enabling of driver probing

Ugh let's try that again in plain text (How does the Android gmail client still not get this right‽) On Wed, Jan 4, 2017 at 2:47 PM, Greg Kroah-Hartman wrote: > On Wed, Jan 04, 2017 at 02:01:00PM -0600, Matthew Garrett wrote: >> On Wed, Jan 4, 2017 at 1:47 PM, Greg Kroah-Hartman >> wrote: >> >

Re: [PATCH] Allow userspace control of runtime disabling/enabling of driver probing

On Wed, Jan 04, 2017 at 02:01:00PM -0600, Matthew Garrett wrote: > On Wed, Jan 4, 2017 at 1:47 PM, Greg Kroah-Hartman > wrote: > > You know the device type and vendor/product id before you authorize it, > > you should be able to do this type of detection otherwise it

Re: [PATCH] Allow userspace control of runtime disabling/enabling of driver probing

On Wed, Jan 04, 2017 at 02:01:00PM -0600, Matthew Garrett wrote: > On Wed, Jan 4, 2017 at 1:47 PM, Greg Kroah-Hartman > wrote: > > You know the device type and vendor/product id before you authorize it, > > you should be able to do this type of detection otherwise it seems > > pretty pointless :)

Re: [PATCH] Allow userspace control of runtime disabling/enabling of driver probing

On Wed, Jan 4, 2017 at 1:47 PM, Greg Kroah-Hartman wrote: > You know the device type and vendor/product id before you authorize it, > you should be able to do this type of detection otherwise it seems > pretty pointless :) You know the vendor and product ID, which

Re: [PATCH] Allow userspace control of runtime disabling/enabling of driver probing

On Wed, Jan 4, 2017 at 1:47 PM, Greg Kroah-Hartman wrote: > You know the device type and vendor/product id before you authorize it, > you should be able to do this type of detection otherwise it seems > pretty pointless :) You know the vendor and product ID, which doesn't tell you whether one of

Re: [PATCH] Allow userspace control of runtime disabling/enabling of driver probing

On Wed, Jan 4, 2017 at 1:46 PM, Greg Kroah-Hartman wrote: > On Wed, Jan 04, 2017 at 12:10:04PM -0600, Matthew Garrett wrote: >> On Wed, Jan 4, 2017 at 3:32 AM, Greg Kroah-Hartman >> wrote: >> > Ick, hiding this in the power management code?

Re: [PATCH] Allow userspace control of runtime disabling/enabling of driver probing

On Wed, Jan 4, 2017 at 1:46 PM, Greg Kroah-Hartman wrote: > On Wed, Jan 04, 2017 at 12:10:04PM -0600, Matthew Garrett wrote: >> On Wed, Jan 4, 2017 at 3:32 AM, Greg Kroah-Hartman >> wrote: >> > Ick, hiding this in the power management code? That's messy, and >> > complex, as Rafael pointed out.

Re: [PATCH] Allow userspace control of runtime disabling/enabling of driver probing

On Wed, Jan 04, 2017 at 12:31:45PM -0600, Matthew Garrett wrote: > On Wed, Jan 4, 2017 at 12:10 PM, Matthew Garrett wrote: > > > > The USB authentication feature was intended for handling wireless USB > > devices - it can be reused for this, but the code isn't generic enough > >

Re: [PATCH] Allow userspace control of runtime disabling/enabling of driver probing

On Wed, Jan 04, 2017 at 12:31:45PM -0600, Matthew Garrett wrote: > On Wed, Jan 4, 2017 at 12:10 PM, Matthew Garrett wrote: > > > > The USB authentication feature was intended for handling wireless USB > > devices - it can be reused for this, but the code isn't generic enough > > to apply to other

Re: [PATCH] Allow userspace control of runtime disabling/enabling of driver probing

On Wed, Jan 04, 2017 at 12:10:04PM -0600, Matthew Garrett wrote: > On Wed, Jan 4, 2017 at 3:32 AM, Greg Kroah-Hartman > wrote: > > Ick, hiding this in the power management code? That's messy, and > > complex, as Rafael pointed out. > > It's in code that's used in the

Re: [PATCH] Allow userspace control of runtime disabling/enabling of driver probing

On Wed, Jan 04, 2017 at 12:10:04PM -0600, Matthew Garrett wrote: > On Wed, Jan 4, 2017 at 3:32 AM, Greg Kroah-Hartman > wrote: > > Ick, hiding this in the power management code? That's messy, and > > complex, as Rafael pointed out. > > It's in code that's used in the power management layer, not

Re: [PATCH] Allow userspace control of runtime disabling/enabling of driver probing

On Wed, Jan 4, 2017 at 12:10 PM, Matthew Garrett wrote: > > The USB authentication feature was intended for handling wireless USB > devices - it can be reused for this, but the code isn't generic enough > to apply to other bus types. The two interact in exactly the way you'd >

Re: [PATCH] Allow userspace control of runtime disabling/enabling of driver probing

On Wed, Jan 4, 2017 at 12:10 PM, Matthew Garrett wrote: > > The USB authentication feature was intended for handling wireless USB > devices - it can be reused for this, but the code isn't generic enough > to apply to other bus types. The two interact in exactly the way you'd > expect, ie they

Re: [PATCH] Allow userspace control of runtime disabling/enabling of driver probing

On Wed, Jan 4, 2017 at 3:32 AM, Greg Kroah-Hartman wrote: > Ick, hiding this in the power management code? That's messy, and > complex, as Rafael pointed out. It's in code that's used in the power management layer, not in power management code. This is all in the

Re: [PATCH] Allow userspace control of runtime disabling/enabling of driver probing

On Wed, Jan 4, 2017 at 3:32 AM, Greg Kroah-Hartman wrote: > Ick, hiding this in the power management code? That's messy, and > complex, as Rafael pointed out. It's in code that's used in the power management layer, not in power management code. This is all in the driver core. > Turning on and

Re: [PATCH] Allow userspace control of runtime disabling/enabling of driver probing

On Tue, Jan 03, 2017 at 02:58:31PM -0800, Kees Cook wrote: > From: Matthew Garrett > > Various attacks are made possible due to the large attack surface of > kernel drivers and the easy availability of hotpluggable hardware that can > be programmed to mimic arbitrary devices.

Re: [PATCH] Allow userspace control of runtime disabling/enabling of driver probing

On Tue, Jan 03, 2017 at 02:58:31PM -0800, Kees Cook wrote: > From: Matthew Garrett > > Various attacks are made possible due to the large attack surface of > kernel drivers and the easy availability of hotpluggable hardware that can > be programmed to mimic arbitrary devices. This allows

Re: [PATCH] Allow userspace control of runtime disabling/enabling of driver probing

On Wed, Jan 4, 2017 at 12:38 AM, Kees Cook wrote: > On Tue, Jan 3, 2017 at 3:34 PM, Rafael J. Wysocki wrote: >> On Tue, Jan 3, 2017 at 11:58 PM, Kees Cook wrote: >>> From: Matthew Garrett >>> >>> Various attacks

Re: [PATCH] Allow userspace control of runtime disabling/enabling of driver probing

On Wed, Jan 4, 2017 at 12:38 AM, Kees Cook wrote: > On Tue, Jan 3, 2017 at 3:34 PM, Rafael J. Wysocki wrote: >> On Tue, Jan 3, 2017 at 11:58 PM, Kees Cook wrote: >>> From: Matthew Garrett >>> >>> Various attacks are made possible due to the large attack surface of >>> kernel drivers and the

Re: [PATCH] Allow userspace control of runtime disabling/enabling of driver probing

On Tue, Jan 3, 2017 at 3:34 PM, Rafael J. Wysocki wrote: > On Tue, Jan 3, 2017 at 11:58 PM, Kees Cook wrote: >> From: Matthew Garrett >> >> Various attacks are made possible due to the large attack surface of >> kernel drivers and the

Re: [PATCH] Allow userspace control of runtime disabling/enabling of driver probing

On Tue, Jan 3, 2017 at 3:34 PM, Rafael J. Wysocki wrote: > On Tue, Jan 3, 2017 at 11:58 PM, Kees Cook wrote: >> From: Matthew Garrett >> >> Various attacks are made possible due to the large attack surface of >> kernel drivers and the easy availability of hotpluggable hardware that can >> be

Re: [PATCH] Allow userspace control of runtime disabling/enabling of driver probing

On Tue, Jan 3, 2017 at 11:58 PM, Kees Cook wrote: > From: Matthew Garrett > > Various attacks are made possible due to the large attack surface of > kernel drivers and the easy availability of hotpluggable hardware that can > be programmed to mimic

Re: [PATCH] Allow userspace control of runtime disabling/enabling of driver probing

On Tue, Jan 3, 2017 at 11:58 PM, Kees Cook wrote: > From: Matthew Garrett > > Various attacks are made possible due to the large attack surface of > kernel drivers and the easy availability of hotpluggable hardware that can > be programmed to mimic arbitrary devices. This allows attackers to

[PATCH] Allow userspace control of runtime disabling/enabling of driver probing

From: Matthew Garrett Various attacks are made possible due to the large attack surface of kernel drivers and the easy availability of hotpluggable hardware that can be programmed to mimic arbitrary devices. This allows attackers to find a single vulnerable driver and then

[PATCH] Allow userspace control of runtime disabling/enabling of driver probing

From: Matthew Garrett Various attacks are made possible due to the large attack surface of kernel drivers and the easy availability of hotpluggable hardware that can be programmed to mimic arbitrary devices. This allows attackers to find a single vulnerable driver and then produce a device that