1 |
On Mon, Feb 11, 2013 at 1:12 AM, Douglas Freed <dwfreed@×××.edu> wrote: |
2 |
> How does having additional firmware installed affect security at all? |
3 |
> Firmware is only loaded when specifically requested by a loaded driver that |
4 |
> needs to use it, and only if that driver is actually in use. That's like |
5 |
> saying a file that can only be written to by root, only normally read when |
6 |
> it's specifically needed, and if for some stupid reason is executed by an |
7 |
> unprivileged process will just result in a crash, affects security (hint: I |
8 |
> just described firmware). |
9 |
|
10 |
I can play captain obvious, too. Regardless, having to explicitly |
11 |
enable firmware based on need (e.g., after installing a wireless card) |
12 |
provides for more security. For instance, the user can opt to not |
13 |
enable the firmware and not use the card, if he doesn't trust |
14 |
manufacturer's software development process. If only the firmware that |
15 |
is actually used is installed, it is easier to go over it and review |
16 |
its security. Some firmware has multiple subversions, with the kernel |
17 |
being able to use any of them; some may be more trusted than others. |
18 |
Some firmware may be unnecessary for correct functioning of hardware, |
19 |
but is still loaded when available. All of these are valid reasons for |
20 |
not installing all possible firmware. Don't assume that your use case |
21 |
is identical to everyone else's. |
22 |
|
23 |
-- |
24 |
Maxim Kammerer |
25 |
Liberté Linux: http://dee.su/liberte |