From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-user+bounces-180716-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id B01781396D9
	for <garchives@archives.gentoo.org>; Wed,  8 Nov 2017 15:40:29 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 085C8E0ED2;
	Wed,  8 Nov 2017 15:40:23 +0000 (UTC)
Received: from blaine.gmane.org (unknown [195.159.176.226])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 99CC2E0EA5
	for <gentoo-user@lists.gentoo.org>; Wed,  8 Nov 2017 15:40:22 +0000 (UTC)
Received: from list by blaine.gmane.org with local (Exim 4.84_2)
	(envelope-from <lnx-gentoo-user@m.gmane.org>)
	id 1eCSSa-00009I-07
	for gentoo-user@lists.gentoo.org; Wed, 08 Nov 2017 16:40:12 +0100
X-Injected-Via-Gmane: http://gmane.org/
To: gentoo-user@lists.gentoo.org
From: Grant Edwards <grant.b.edwards@gmail.com>
Subject: [gentoo-user] Re: Linux USB security holes.
Date: Wed, 8 Nov 2017 15:40:02 +0000 (UTC)
Message-ID: <otv8gi$jhi$1@blaine.gmane.org>
References: <65c1af14-a224-4c9f-1ca8-eca4ccc71d0f@gmail.com>
 <CAAD4mYjqpT8CLPSfsvHOOdaRSbacW6aJQc-4Wnde6iV1v45Y4w@mail.gmail.com>
X-Complaints-To: usenet@blaine.gmane.org
User-Agent: slrn/1.0.2 (Linux)
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
X-Archives-Salt: 4d84fa3a-dec9-4410-acc1-bc8c8ab73c73
X-Archives-Hash: 15d6ac83537efc8950ae8135c47f9233

On 2017-11-08, R0b0t1 <r030t1@gmail.com> wrote:
> On Tue, Nov 7, 2017 at 11:08 PM, Dale <rdalek1967@gmail.com> wrote:
>> Howdy,
>>
>> I ran up on this link.  Is there any truth to it and should any of us
>> Gentooers be worried about it?
>>
>> http://www.theregister.co.uk/2017/11/07/linux_usb_security_bugs/
>>
>> Isn't Linux supposed to be more secure than this??
>>
>
> In theory. There was no comment on the existence of such bugs in the
> Windows driver stack, but they likely exist. However, note:
>
> "The impact is quite limited, all the bugs require physical access to
> trigger," said Konovalov. "Most of them are denial-of-service, except
> for a few that might be potentially exploitable to execute code in the
> kernel."

Expecting a machine to be immune from DoS attacks by somebody who is
allowed to touch the machine is indeed delusion on a pretty grand
scale.  Expecting a machine to be immune to other non-DoS attacks when
they can touch the machine is moderately deluded.

-- 
Grant Edwards               grant.b.edwards        Yow! Don't hit me!!  I'm in
                                  at               the Twilight Zone!!!
                              gmail.com