Re: [alsa-devel] what's the kernel policy WRT firmware parsing security?

Dne 06. 10. 19 v 12:47 Guennadi Liakhovetski napsal(a):

Hi,

I decided to have a look at whether the ALSA topology parsing is bullet proof against malformed topology files. It seems not quite to be the case. At least I seem to have found a possibility of crashing the kernel by a malformed topology file. I haven't tested it, so, maybe I'm wrong.

In principle, firmware files can only be written by root, and if you have root access to the system, it's anyway doomed. Is this the approach and we aren't really trying to make topology parsing 100% safe, or do we want to fix any such possible parsing issues?

The kernel should not crash. Dot. If you found a serious issue, please, report it or better, send the fix.

Thanks, Jaroslav