oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Malicious devices & vulnerabilties

From: Eugene Teo <eugene () redhat com>
Date: Mon, 09 Jan 2012 03:48:20 +0800
On 01/08/2012 07:19 PM, Florian Weimer wrote:

* Xi Wang:


I am wondering where to draw the line.  Should such device drivers
be considered vulnerable or not?  Thanks.


I think they should be considered vulnerable.  Some applications need
some robustness to attacks even from the local console (e.g., student
computer rooms).

USB is also a popular transport in many air-gapped environments.


I would consider them vulnerable with low security impacts. If you are
fixing such issues, do post them to the list.

Thanks, Eugene
Previous By Date Next
Previous By Thread Next

Current thread: