From: Eric Saint Etienne <eric.saint.etienne@oracle.com>
To: sparclinux@vger.kernel.org
Subject: Re: [PATCH] sparc64: Expose mdesc to sysfs
Date: Thu, 14 Dec 2017 11:01:58 +0000
Message-ID: <4ef9ccd2-1212-90f0-2549-65f96f58e88f@oracle.com>
In-Reply-To: <201709160508.v8G58BRq011742@aserv0022.oracle.com>

>>> Can you please provide me with an example of an actual mdesc
>>> entry that needs sanitization? I believe you are thinking of
>>> passwords and crypto keys but I couldn't find any such entry
>>> on any machine I have access to.
>> Dave, I still have to read from you on this.
> I don't know, but based upon private communication we received from
> Greg Onufer some might exist.
>
> Please do a detailed audit of the mdesc properties that might contain
> passwords or other sensitive issues, and please provide the results
> of your audit on the list here.
Alexandre Chartres did part of that audit for us: he pointed out 2 
sensitive mdesc keys that contain passwords and cryptographic keys.

I can't spend much more time on this patch. It's already out there in 
the mailing list archive for whoever wants to use it.

That said, this sanitization task should be on top of your sparc todo
list IMHO because the existing /dev/mdesc driver doesn't filter anything
as of today, so it leaks critical/sensitive data to the OS.

All the best with fixing /dev/mdesc.

-eric
