Re: [linux-usb-devel] Re: [Security] [vendor-sec] [BUG/PATCH/RFC] Oops while completing async USB via usbdevio

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Tue, Sep 27, 2005 at 10:02:16AM -0700, Linus Torvalds wrote:
> On Tue, 27 Sep 2005, Sergey Vlasov wrote:
> > 
> > The initial patch added get_task_struct()/put_task_struct() calls to
> > fix this - are they forbidden too?
> 
> They are sure as hell not something that a _driver_ is supposed to use.
> 
> > It at least has sigio_perm(), which prevents exploiting it to send
> > signals to tasks you don't have access to.
> 
> And the point is, you can do that _too_.
> 
> Do it right. Don't cache pointers to threads. Use the pid.

So what happened to this thread?  Was I simply removed from the Cc, or
did the thread cease?  Or is there a "secret" fix on vendor-sec?

I'm probably the person in this thread who understands the least about
the USB stack and the scheduler, but if there is no implementation of
Linus' suggested "PID approach" yet, I'd be willing to write a patch and
test it. Please let me know.

Please also understand that I never argued that my initial patch was a
good solution, or that I wanted it to have merged.  I just wanted to
show that there is a real-world problem, and it somehow needs to be fixed.

Cheers,

-- 
- Harald Welte <[email protected]>          	        http://gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
                                                  (ETSI EN 300 175-7 Ch. A6)

Attachment: pgpOqly07crds.pgp
Description: PGP signature

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]
  Powered by Linux