mailing list archives
Re: Malicious devices & vulnerabilties
From: Eugene Teo <eugene () redhat com>
Date: Mon, 09 Jan 2012 03:48:20 +0800
On 01/08/2012 07:19 PM, Florian Weimer wrote:
* Xi Wang:
I am wondering where to draw the line. Should such device drivers
be considered vulnerable or not? Thanks.
I think they should be considered vulnerable. Some applications need
some robustness to attacks even from the local console (e.g., student
USB is also a popular transport in many air-gapped environments.
I would consider them vulnerable with low security impacts. If you are
fixing such issues, do post them to the list.