From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932762AbcASRyS (ORCPT ); Tue, 19 Jan 2016 12:54:18 -0500 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:53239 "EHLO out1-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932414AbcASRyL (ORCPT ); Tue, 19 Jan 2016 12:54:11 -0500 X-Sasl-enc: LGJpmWdVmrTJ2QNsrYUF5mwFD3hNFKax2vNj3p9Oou14 1453226050 Date: Tue, 19 Jan 2016 09:54:09 -0800 From: Greg KH To: kernel-hardening@lists.openwall.com Cc: linux-kernel@vger.kernel.org Subject: Re: [kernel-hardening] 2015 kernel CVEs Message-ID: <20160119175409.GB7485@kroah.com> References: <20160119112812.GA10818@mwanda> <1453221128.3734.26.camel@decadent.org.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <1453221128.3734.26.camel@decadent.org.uk> User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jan 19, 2016 at 04:32:08PM +0000, Ben Hutchings wrote: > As for USB descriptors, I'm somewhat more hopeful about hardening.  At > the same time, it seems like it should be practical to put more low- > performance USB drivers into userspace. What drivers do we currently have in the kernel that should/could be done in userspace instead? I'll gladly drop them from the tree. And yes, we need to do better about handling crazy USB descriptors, I think the majority of this work is already done, but it takes hand-auditing to verify it :( thanks, greg k-h