[alsa-devel] what's the kernel policy WRT firmware parsing security?
Guennadi Liakhovetski
guennadi.liakhovetski at linux.intel.com
Mon Oct 7 16:16:51 CEST 2019
Hi Jaroslav,
On Sun, Oct 06, 2019 at 04:10:28PM +0200, Jaroslav Kysela wrote:
> Dne 06. 10. 19 v 12:47 Guennadi Liakhovetski napsal(a):
> > Hi,
> >
> > I decided to have a look at whether the ALSA topology parsing is bullet
> > proof against malformed topology files. It seems not quite to be the case.
> > At least I seem to have found a possibility of crashing the kernel by a
> > malformed topology file. I haven't tested it, so, maybe I'm wrong.
> >
> > In principle, firmware files can only be written by root, and if you have
> > root access to the system, it's anyway doomed. Is this the approach and
> > we aren't really trying to make topology parsing 100% safe, or do we want
> > to fix any such possible parsing issues?
>
> The kernel should not crash. Dot. If you found a serious issue, please,
> report it or better, send the fix.
Sorry, I'm still configuring / getting used to mutt and git send-mail on this
PC, so adding you to CC didn't work out :-/ Here's a link:
https://mailman.alsa-project.org/pipermail/alsa-devel/2019-October/156352.html
Thanks
Guennadi
> Thanks,
> Jaroslav
>
> --
> Jaroslav Kysela <perex at perex.cz>
> Linux Sound Maintainer; ALSA Project; Red Hat, Inc.
More information about the Alsa-devel
mailing list