Date: Mon, 09 Jan 2012 03:48:20 +0800 From: Eugene Teo <eugene@...hat.com> To: oss-security@...ts.openwall.com CC: Florian Weimer <fw@...eb.enyo.de> Subject: Re: Malicious devices & vulnerabilties On 01/08/2012 07:19 PM, Florian Weimer wrote: > * Xi Wang: > >> I am wondering where to draw the line. Should such device drivers >> be considered vulnerable or not? Thanks. > > I think they should be considered vulnerable. Some applications need > some robustness to attacks even from the local console (e.g., student > computer rooms). > > USB is also a popular transport in many air-gapped environments. I would consider them vulnerable with low security impacts. If you are fixing such issues, do post them to the list. Thanks, Eugene
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ