On Wed, 2016-01-20 at 10:04 -0800, Greg KH wrote:
> On Wed, Jan 20, 2016 at 05:05:39PM +, Ben Hutchings wrote:
> > On Tue, 2016-01-19 at 09:54 -0800, Greg KH wrote:
> > > On Tue, Jan 19, 2016 at 04:32:08PM +, Ben Hutchings wrote:
> > > > As for USB descriptors, I'm somewhat more hopeful
On Wed, 20 Jan 2016, Greg KH wrote:
> Except for those drivers that abuse the HID interface due to the
> decisions the Windows developers made years ago, and are not reall HID
> devices, those should all be done in userspace, just like Windows does.
> Hopefully we have been good in keeping
On Wed, 20 Jan 2016, Greg KH wrote:
> Except for those drivers that abuse the HID interface due to the
> decisions the Windows developers made years ago, and are not reall HID
> devices, those should all be done in userspace, just like Windows does.
> Hopefully we have been good in keeping
On Wed, 2016-01-20 at 10:04 -0800, Greg KH wrote:
> On Wed, Jan 20, 2016 at 05:05:39PM +, Ben Hutchings wrote:
> > On Tue, 2016-01-19 at 09:54 -0800, Greg KH wrote:
> > > On Tue, Jan 19, 2016 at 04:32:08PM +, Ben Hutchings wrote:
> > > > As for USB descriptors, I'm somewhat more hopeful
> I know of at least two projects that enter user namespaces without the
> necessary care, one of them is LXC.
>
>
> > There is room for improvement in this area but I don't see how this
> > qualifies as a CVE.
>
> I think I agree with that.
If there are projects that screw it up then there
On Tue, Jan 19, 2016 at 04:47:32PM -0600, Eric W. Biederman wrote:
> Dan Carpenter writes:
>
> > I like to look back over old CVEs to see how we could do better. Here
> > is the list from 2015. I got most of this information from the Ubuntu
> > CVE tracker. Thanks Ubuntu!. If it doesn't have
On Wed, Jan 20, 2016 at 05:05:39PM +, Ben Hutchings wrote:
> On Tue, 2016-01-19 at 09:54 -0800, Greg KH wrote:
> > On Tue, Jan 19, 2016 at 04:32:08PM +, Ben Hutchings wrote:
> > > As for USB descriptors, I'm somewhat more hopeful about hardening. At
> > > the same time, it seems like it
On Tue, 2016-01-19 at 09:54 -0800, Greg KH wrote:
> On Tue, Jan 19, 2016 at 04:32:08PM +, Ben Hutchings wrote:
> > As for USB descriptors, I'm somewhat more hopeful about hardening. At
> > the same time, it seems like it should be practical to put more low-
> > performance USB drivers into
On Tue, 2016-01-19 at 09:54 -0800, Greg KH wrote:
> On Tue, Jan 19, 2016 at 04:32:08PM +, Ben Hutchings wrote:
> > As for USB descriptors, I'm somewhat more hopeful about hardening. At
> > the same time, it seems like it should be practical to put more low-
> > performance USB drivers into
On Wed, Jan 20, 2016 at 05:05:39PM +, Ben Hutchings wrote:
> On Tue, 2016-01-19 at 09:54 -0800, Greg KH wrote:
> > On Tue, Jan 19, 2016 at 04:32:08PM +, Ben Hutchings wrote:
> > > As for USB descriptors, I'm somewhat more hopeful about hardening. At
> > > the same time, it seems like it
On Tue, Jan 19, 2016 at 04:47:32PM -0600, Eric W. Biederman wrote:
> Dan Carpenter writes:
>
> > I like to look back over old CVEs to see how we could do better. Here
> > is the list from 2015. I got most of this information from the Ubuntu
> > CVE tracker. Thanks
> I know of at least two projects that enter user namespaces without the
> necessary care, one of them is LXC.
>
>
> > There is room for improvement in this area but I don't see how this
> > qualifies as a CVE.
>
> I think I agree with that.
If there are projects that screw it up then there
12 matches
Mail list logo