From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from gateway22.websitewelcome.com (gateway22.websitewelcome.com [192.185.47.179]) by mx.groups.io with SMTP id smtpd.web12.1114.1578605216440363873 for ; Thu, 09 Jan 2020 13:26:56 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="no key for verify" header.i=@montgomery1.com header.s=default header.b=taniYCmZ; spf=permerror, err=parse error for token &{10 18 bluehost.com}: parse error for token &{10 18 _spf.google.com}: parse error for token &{10 18 _netblocks3.google.com}: limit exceeded (domain: montgomery1.com, ip: 192.185.47.179, mailfrom: clay@montgomery1.com) Received: from cm14.websitewelcome.com (cm14.websitewelcome.com [100.42.49.7]) by gateway22.websitewelcome.com (Postfix) with ESMTP id BE56D9D3E for ; Thu, 9 Jan 2020 15:26:55 -0600 (CST) Received: from box5869.bluehost.com ([162.241.24.119]) by cmsmtp with SMTP id pfKRi7erOgq6IpfKRi0ca5; Thu, 09 Jan 2020 15:26:55 -0600 X-Authority-Reason: nr=8 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=montgomery1.com; s=default; h=Content-Type:In-Reply-To:MIME-Version:Date: Message-ID:From:References:To:Subject:Sender:Reply-To:Cc: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=49eGrgIwYMw+VDo5JRZlG/UosmPsCFlCr7wDCdtAWFs=; b=taniYCmZMtwgOQvc4Ah/Kz7/p /phnX6iahqQX10JA2KEgZ5pLswFcjQC+3uTcWoNaKvUIPk6Thc5H2sZzqOlYwS/Ie4h6RAudBFK40 fciRnJliSc321lpHCuhgdpBQimOojaUlVh4e/Dhg8P+iHodJCHbnzF2rmQT21PUF3EwAeTW53We/6 61L6LYOVPcvG8r8tZOWVOCY5exheFhIykZM1E6NdKKZxpFAozYvn9x6pN16SsoA7wckc1zaXJXMnK yb9IKdI/cS6wK86+j7HG7MHIyysrTs3WbqUMZ+Qf33CLvjpdRcOm9viyaud4qTl/rFmgNGylSRyAs r6u2Ko0Rg==; Received: from [97.99.192.131] (port=52495 helo=[192.168.0.3]) by box5869.bluehost.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.92) (envelope-from ) id 1ipfKR-001cBi-Dk for meta-freescale@lists.yoctoproject.org; Thu, 09 Jan 2020 14:26:55 -0700 Subject: Re: [meta-freescale] Kernel support for i.MX6UL and 4.9 LTS updates To: meta-freescale@lists.yoctoproject.org References: <9027e187-0fa0-ea01-44a4-64874d6df403@montgomery1.com> <3c20af9f-9951-6492-83a2-8b69d4e3a11d@montgomery1.com> From: "Clay Montgomery" Organization: Montgomery One Message-ID: <814fa807-bcdd-43b9-174a-0e313a6f3765@montgomery1.com> Date: Thu, 9 Jan 2020 15:26:58 -0600 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.3.1 MIME-Version: 1.0 In-Reply-To: X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - box5869.bluehost.com X-AntiAbuse: Original Domain - lists.yoctoproject.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - montgomery1.com X-BWhitelist: no X-Source-IP: 97.99.192.131 X-Source-L: No X-Exim-ID: 1ipfKR-001cBi-Dk X-Source: X-Source-Args: X-Source-Dir: X-Source-Sender: ([192.168.0.3]) [97.99.192.131]:52495 X-Source-Auth: clay@montgomery1.com X-Email-Count: 1 X-Source-Cap: bW9udGdvcjA7bW9udGdvcjA7Ym94NTg2OS5ibHVlaG9zdC5jb20= X-Local-Domain: yes Content-Type: multipart/alternative; boundary="------------FF77CE43FFE5680AC58A273B" Content-Language: en-US --------------FF77CE43FFE5680AC58A273B Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit On 1/9/2020 2:14 PM, Otavio Salvador wrote: > On Thu, Jan 9, 2020 at 5:08 PM Jesse Gilles wrote: >> On Thu, Jan 9, 2020 at 11:18 AM Clay Montgomery wrote: >> Hm, I don't agree. If an embedded Linux device uses Wi-Fi and Bluetooth communications, won't vulnerabilities affecting those parts of the kernel need to be patched? >> >> Examples: >> https://www.linuxkernelcves.com/cves/CVE-2019-17133 >> https://www.linuxkernelcves.com/cves/CVE-2019-16746 >> https://www.linuxkernelcves.com/cves/CVE-2019-9506 >> >> I believe some of these could be exploitable without accessing the device or gaining local privileges. > I agree with you Jesse and that's why we've been moving most of our > customers to Linux mainline. Most vendor BSP does not have stable > updates. > It depends in your target application/market. If anyone can connect to your device with Wi-Fi or Bluetooth, then obviously security is a lot more important. But, consider the digital signage player market, for example, where it's actually an advantage over Windows and Android devices to never require updates. Regards, Clay > --------------FF77CE43FFE5680AC58A273B Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 7bit


On 1/9/2020 2:14 PM, Otavio Salvador wrote:
On Thu, Jan 9, 2020 at 5:08 PM Jesse Gilles <jesse.gilles@gmail.com> wrote:

On Thu, Jan 9, 2020 at 11:18 AM Clay Montgomery <clay@montgomery1.com> wrote:
Hm, I don't agree.  If an embedded Linux device uses Wi-Fi and Bluetooth communications, won't vulnerabilities affecting those parts of the kernel need to be patched?

Examples:
https://www.linuxkernelcves.com/cves/CVE-2019-17133
https://www.linuxkernelcves.com/cves/CVE-2019-16746
https://www.linuxkernelcves.com/cves/CVE-2019-9506

I believe some of these could be exploitable without accessing the device or gaining local privileges.

I agree with you Jesse and that's why we've been moving most of our
customers to Linux mainline. Most vendor BSP does not have stable
updates.

It depends in your target application/market. If anyone can connect to your device with Wi-Fi or Bluetooth, then obviously security is a lot more important.

But, consider the digital signage player market, for example, where it's actually an advantage over Windows and Android devices to never require updates.

Regards, Clay



    

  


--------------FF77CE43FFE5680AC58A273B--