From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752638AbcLFHLI (ORCPT <rfc822;w@1wt.eu>);
        Tue, 6 Dec 2016 02:11:08 -0500
Received: from mail.linuxfoundation.org ([140.211.169.12]:57940 "EHLO
        mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1752332AbcLFHLD (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 6 Dec 2016 02:11:03 -0500
Date: Tue, 6 Dec 2016 08:11:04 +0100
From: Greg KH <gregkh@linuxfoundation.org>
To: One Thousand Gnomes <gnomes@lxorguk.ukuu.org.uk>
Cc: David Howells <dhowells@redhat.com>, linux-kernel@vger.kernel.org,
        linux-security-module@vger.kernel.org, keyrings@vger.kernel.org,
        minyard@acm.org
Subject: Re: [PATCH 01/39] Annotate module params that specify hardware
 parameters (eg. ioport)
Message-ID: <20161206071104.GA10292@kroah.com>
References: <20161201150135.GA10317@kroah.com>
 <148059537897.31612.9461043954611464597.stgit@warthog.procyon.org.uk>
 <148059538747.31612.8974972913601108271.stgit@warthog.procyon.org.uk>
 <18118.1480608146@warthog.procyon.org.uk>
 <20161205211227.4cc792d6@lxorguk.ukuu.org.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20161205211227.4cc792d6@lxorguk.ukuu.org.uk>
User-Agent: Mutt/1.7.2 (2016-11-26)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Dec 05, 2016 at 09:12:27PM +0000, One Thousand Gnomes wrote:
> On Thu, 01 Dec 2016 16:02:26 +0000
> David Howells <dhowells@redhat.com> wrote:
> 
> > Greg KH <gregkh@linuxfoundation.org> wrote:
> > 
> > > Also, I think Alan's comment about it the last time it came up was more like
> > > a "look at all of the other ways you could do bad things to hardware!"
> > > comment, not a "you need to also do this thing too!" type of request.  
> 
> 
> In all honesty I think both need to go in together, otherwise the first
> patch is useless. It's not a case of "oh there may be another obscure
> exploit .." , this is "I can automate it with a python script, post a
> CVE, and show I'm awesome" 8)

What about all of the ways you can change ioports dynamically from
ioctls?  Or can't python write ioctls to device nodes?  :)

thanks,

greg k-h