Re: [kernel-hardening] 2015 kernel CVEs

2016-01-21 Thread Ben Hutchings
On Wed, 2016-01-20 at 10:04 -0800, Greg KH wrote: > On Wed, Jan 20, 2016 at 05:05:39PM +, Ben Hutchings wrote: > > On Tue, 2016-01-19 at 09:54 -0800, Greg KH wrote: > > > On Tue, Jan 19, 2016 at 04:32:08PM +, Ben Hutchings wrote: > > > > As for USB descriptors, I'm somewhat more hopeful

Re: [kernel-hardening] 2015 kernel CVEs

2016-01-21 Thread Jiri Kosina
On Wed, 20 Jan 2016, Greg KH wrote: > Except for those drivers that abuse the HID interface due to the > decisions the Windows developers made years ago, and are not really HID > devices, those should all be done in userspace, just like Windows does. > Hopefully we have been good in keeping

Re: [kernel-hardening] 2015 kernel CVEs

2016-01-20 Thread One Thousand Gnomes
> I know of at least two projects that enter user namespaces without the > necessary care, one of them is LXC. > > > > There is room for improvement in this area but I don't see how this > > qualifies as a CVE. > > I think I agree with that. If there are projects that screw it up then there

Re: [kernel-hardening] 2015 kernel CVEs

2016-01-20 Thread Jann Horn
On Tue, Jan 19, 2016 at 04:47:32PM -0600, Eric W. Biederman wrote: > Dan Carpenter writes: > > > I like to look back over old CVEs to see how we could do better. Here > > is the list from 2015. I got most of this information from the Ubuntu > > CVE tracker. Thanks Ubuntu! If it doesn't have

Re: [kernel-hardening] 2015 kernel CVEs

2016-01-20 Thread Greg KH
On Wed, Jan 20, 2016 at 05:05:39PM +, Ben Hutchings wrote: > On Tue, 2016-01-19 at 09:54 -0800, Greg KH wrote: > > On Tue, Jan 19, 2016 at 04:32:08PM +, Ben Hutchings wrote: > > > As for USB descriptors, I'm somewhat more hopeful about hardening.  At > > > the same time, it seems like it

Re: [kernel-hardening] 2015 kernel CVEs

2016-01-20 Thread Ben Hutchings
On Tue, 2016-01-19 at 09:54 -0800, Greg KH wrote: > On Tue, Jan 19, 2016 at 04:32:08PM +, Ben Hutchings wrote: > > As for USB descriptors, I'm somewhat more hopeful about hardening.  At > > the same time, it seems like it should be practical to put more low- > > performance USB drivers into