From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 3A92B13897D for ; Sun, 10 Feb 2013 23:12:17 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id D14D121C066; Sun, 10 Feb 2013 23:12:12 +0000 (UTC) Received: from mail-ve0-f172.google.com (mail-ve0-f172.google.com [209.85.128.172]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id C8C2221C001 for ; Sun, 10 Feb 2013 23:12:11 +0000 (UTC) Received: by mail-ve0-f172.google.com with SMTP id cz11so4721648veb.17 for ; Sun, 10 Feb 2013 15:12:11 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:content-type:x-gm-message-state; bh=W5EksOkLoU5Ghe524QaBf1zOotqCs+XKxAzwtQ22sPg=; b=G4tNISYav0zfAUHZ/i4uZAxjN9bNHXOVhNMcq+jWQTS+g0uNQWjwC4zxgZfTO27Phz EjARBxz8qDn/Eo1GH6n7Ydmf4rG3FFUMpfeRsVLJOLlmc4Ki8RknXzTZ+nVkLT67T/vG B+j6iwKBDz+q/i49JusgdCK0zkb79XqiVTcak7GFsUnsePfc5i2266V0T7qem1Orz5py +FSDpmsYtOP9HBSaDSgAzaG8sr2Y0ySgUuSuclEruafujZl/fWxpRRm4oI6FISpZdMJT Y6gVrNI3akcL7Zpprb69m2EFhvMmgpeu61waNuRgmyhVBbBx+x6Tz7/5n5Ub36UlpvCR a8QQ== Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 X-Received: by 10.220.149.198 with SMTP id u6mr16304753vcv.52.1360537930862; Sun, 10 Feb 2013 15:12:10 -0800 (PST) Received: by 10.58.216.165 with HTTP; Sun, 10 Feb 2013 15:12:10 -0800 (PST) Received: by 10.58.216.165 with HTTP; Sun, 10 Feb 2013 15:12:10 -0800 (PST) In-Reply-To: References: <5117560B.3090709@gentoo.org> <511805F0.9070101@gentoo.org> Date: Sun, 10 Feb 2013 18:12:10 -0500 Message-ID: Subject: Re: [gentoo-dev] Lastrite: Firmware cleanup, part #1 From: Douglas Freed To: gentoo-dev@lists.gentoo.org Content-Type: multipart/alternative; boundary=f46d043c816c128fcb04d566ec3f X-Gm-Message-State: ALoCoQlVXUQMYWndL5alNSyVnogncJwNxQ4HRRp/y+TZu01LXBX+vWUHTkvsO4d15mxHbJIS/TFZ X-Archives-Salt: c7af82d0-358f-43cb-97f3-8896bc9ecd27 X-Archives-Hash: a61ef379a66465ea2bd9f9ed0af960a8 --f46d043c816c128fcb04d566ec3f Content-Type: text/plain; charset=UTF-8 > Combined with various less-than-free licenses, installing one huge blob of > firmware is problematic for many users, also from a security point of view. How does having additional firmware installed affect security at all? Firmware is only loaded when specifically requested by a loaded driver that needs to use it, and only if that driver is actually in use. That's like saying a file that can only be written to by root, only normally read when it's specifically needed, and if for some stupid reason is executed by an unprivileged process will just result in a crash, affects security (hint: I just described firmware). -Doug --f46d043c816c128fcb04d566ec3f Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

> Combined with various less-than-free licenses, installi= ng one huge blob of
> firmware is problematic for many users, also from a security point of = view.

How does having additional firmware installed affect securit= y at all?=C2=A0 Firmware is only loaded when specifically requested by a lo= aded driver that needs to use it, and only if that driver is actually in us= e.=C2=A0 That's like saying a file that can only be written to by root,= only normally read when it's specifically needed, and if for some stup= id reason is executed by an unprivileged process will just result in a cras= h, affects security (hint: I just described firmware).

-Doug

--f46d043c816c128fcb04d566ec3f--