> When I last touched the capi code, I tried to remove it all, but we then > left it in the kernel because the bluetooth cmtp code can still theoretically > use it. > > May I ask how you managed to run into this? Did you find the bug through > inspection first and then produce it using cmtp, or did you actually use > cmtp? I fuzz the bluez system and find a crash to analyze it and reproduce it. > If the only purpose of cmtp is now to be a target for exploits, then I > would suggest we consider removing both cmtp and capi for > good after backporting your fix to stable kernels. Obviously > if it turns out that someone actually uses cmtp and/or capi, we > should not remove it. > Yes, I think this should be feasible. Regards butt3rflyh4ck. -- Active Defense Lab of Venustech
