Hi! I just want to note that while these may not be high-priority, they are still security holes to be fixed. > > When writing the attached file to /dev/uhid, a NULL dereference occurs > > in kernel. As I understand, the problem is not UHID-specific, but is > > related to HID subsystem. > > Thanks for the report. > I wanted to tell you that I started investigating the other private > report you sent us, but couldn't find the time to properly come with a > fix as the fuzzed data is hard to discriminate from valid data. > > A couple of notes though: > - writing to uhid needs to be done by root. Any distribution that > doesn't enforce that is doomed to have several security issues We want to protect kernel from root, too. > - we could somehow reproduce those fuzzed data on a USB or Bluetooth > connection, but that would require physical access to the device, so > you are doomed also Not neccessarily. Imagine a kiosk where PC is protected but keyboard uses USB connection. If our USB stack is buggy, you are doomed... but you should not be ;-). Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
Attachment:
signature.asc
Description: Digital signature
