| 1 |
On Mon, Feb 11, 2013 at 1:12 AM, Douglas Freed <dwfreed@×××.edu> wrote: |
| 2 |
> How does having additional firmware installed affect security at all? |
| 3 |
> Firmware is only loaded when specifically requested by a loaded driver that |
| 4 |
> needs to use it, and only if that driver is actually in use. That's like |
| 5 |
> saying a file that can only be written to by root, only normally read when |
| 6 |
> it's specifically needed, and if for some stupid reason is executed by an |
| 7 |
> unprivileged process will just result in a crash, affects security (hint: I |
| 8 |
> just described firmware). |
| 9 |
|
| 10 |
I can play captain obvious, too. Regardless, having to explicitly |
| 11 |
enable firmware based on need (e.g., after installing a wireless card) |
| 12 |
provides for more security. For instance, the user can opt to not |
| 13 |
enable the firmware and not use the card, if he doesn't trust |
| 14 |
manufacturer's software development process. If only the firmware that |
| 15 |
is actually used is installed, it is easier to go over it and review |
| 16 |
its security. Some firmware has multiple subversions, with the kernel |
| 17 |
being able to use any of them; some may be more trusted than others. |
| 18 |
Some firmware may be unnecessary for correct functioning of hardware, |
| 19 |
but is still loaded when available. All of these are valid reasons for |
| 20 |
not installing all possible firmware. Don't assume that your use case |
| 21 |
is identical to everyone else's. |
| 22 |
|
| 23 |
-- |
| 24 |
Maxim Kammerer |
| 25 |
Liberté Linux: http://dee.su/liberte |
Archives