Hi,
Binyamin Sharet writes:
>>> I think this will cause existing implementation over gadgetfs to fail
>>> with this
>>> special kernel (as now it will delegate everything all of the time). How
>>> about
>>> using a ioctl to configure it, but wrapping this ioctl with Kconfig?
On 08/19/2016 10:31 AM, Felipe Balbi wrote:
> Hi,
>
> Binyamin Sharet writes:
>> I think this will cause existing implementation over gadgetfs to fail
>> with this
>> special kernel (as now it will delegate everything all of the time). How
>> about
>> using a ioctl to configure
On Thu, 18 Aug 2016, Felipe Balbi wrote:
> >> You mean a ep0 ioctl? Makes sense to me. Then we can add more features
> >> later. Perhaps just add a "Get supported features" IOCTL which returns
> >> a struct with 256 bits (4x uint64_t). I doubt we will ever need that
> >> many bits, but better safe
Hi,
Binyamin Sharet writes:
> I think this will cause existing implementation over gadgetfs to fail
> with this
> special kernel (as now it will delegate everything all of the time). How
> about
> using a ioctl to configure it, but wrapping this ioctl with Kconfig?
> This
On 08/18/2016 03:18 PM, Felipe Balbi wrote:
> Hi,
>
> Binyamin Sharet writes:
>
> [...]
>
>> Many USB host implementations, including at least older versions of
>> Linux,
>> have bugs in the enumeration phase. While I cannot pinpoint a ToC/ToU
>> vulnerability in the configuration
Hi,
Binyamin Sharet writes:
[...]
> Many USB host implementations, including at least older versions of Linux,
> have bugs in the enumeration phase. While I cannot pinpoint a ToC/ToU
> vulnerability in the configuration descriptor at the moment, I found more
> than
> a cou
On 08/18/2016 01:25 PM, Felipe Balbi wrote:
> Hi,
>
> Binyamin Sharet writes:
I get your point, what I propose is not to change the default behavior
of gadgetfs,
but allow it to enter to a special mode by the user. I am aware of the
issues that it
might
Hi,
Binyamin Sharet writes:
>>> I get your point, what I propose is not to change the default behavior
>>> of gadgetfs,
>>> but allow it to enter to a special mode by the user. I am aware of the
>>> issues that it
>>> might raise, and understand your concerns. However, I am a
On 08/18/2016 10:44 AM, Felipe Balbi wrote:
> Hi,
>
> Binyamin Sharet writes:
>> Felipe, Greg,
>>
>> You wrote pretty much the same things on two separate threads,
>> so I will answer only here...
>>
>> On Tue, Aug 16, 2016 at 1:51 PM, Felipe Balbi
>> wrote:
>>> Hi,
>>>
>>> Binyamin Sharet write
Hi,
Binyamin Sharet writes:
> Felipe, Greg,
>
> You wrote pretty much the same things on two separate threads,
> so I will answer only here...
>
> On Tue, Aug 16, 2016 at 1:51 PM, Felipe Balbi
> wrote:
>>
>> Hi,
>>
>> Binyamin Sharet writes:
> 2. At least in my case, where I wan't to use g
On Tue, Aug 16, 2016 at 03:20:41PM +0300, Binyamin Sharet wrote:
> Many USB host implementations, including at least older versions of Linux,
We can't go back in time and fix code, sorry :)
> have bugs in the enumeration phase. While I cannot pinpoint a ToC/ToU
> vulnerability in the configuratio
Felipe, Greg,
You wrote pretty much the same things on two separate threads,
so I will answer only here...
On Tue, Aug 16, 2016 at 1:51 PM, Felipe Balbi
wrote:
>
> Hi,
>
> Binyamin Sharet writes:
2. At least in my case, where I wan't to use gadgetfs for fuzzing
other USB hosts, I
Hi,
Binyamin Sharet writes:
>>> 2. At least in my case, where I wan't to use gadgetfs for fuzzing
>>> other USB hosts, I
>>> can't really fuzz various stages of the enumeration phase,
>>> specifically in the case of
>>> descriptors that are usually requested at least twice (e.g.
>>> configuratio
On Tue, Aug 16, 2016 at 12:37:07PM +0300, Binyamin Sharet wrote:
> Hi,
>
> On Tue, Aug 16, 2016 at 11:36 AM, Felipe Balbi
> wrote:
> >
> > Hi,
> >
> > Binyamin Sharet writes:
> >>> Alan Stern writes:
> > I'm using GadgetFs for USB host fuzzing (using umap2),
> > and part of the fuzzing
Hi,
On Tue, Aug 16, 2016 at 11:36 AM, Felipe Balbi
wrote:
>
> Hi,
>
> Binyamin Sharet writes:
>>> Alan Stern writes:
> I'm using GadgetFs for USB host fuzzing (using umap2),
> and part of the fuzzing session is to send invalid descriptors at
> various stages.
>
> However, so
Hi,
Binyamin Sharet writes:
>> Alan Stern writes:
I'm using GadgetFs for USB host fuzzing (using umap2),
and part of the fuzzing session is to send invalid descriptors at
various stages.
However, some requests are not delegated to user-land (see gadgetfs_setup()
in
Hi,
On Tue, Aug 16, 2016 at 10:23 AM, Felipe Balbi
wrote:
>
> Hi,
>
> Alan Stern writes:
>>> I'm using GadgetFs for USB host fuzzing (using umap2),
>>> and part of the fuzzing session is to send invalid descriptors at
>>> various stages.
>>>
>>> However, some requests are not delegated to user-l
Hi,
Alan Stern writes:
>> I'm using GadgetFs for USB host fuzzing (using umap2),
>> and part of the fuzzing session is to send invalid descriptors at
>> various stages.
>>
>> However, some requests are not delegated to user-land (see gadgetfs_setup()
>> in gadget/legacy/inode.c),
>> Specificall
On Fri, 12 Aug 2016, Binyamin Sharet wrote:
> Hi,
>
> I'm using GadgetFs for USB host fuzzing (using umap2),
> and part of the fuzzing session is to send invalid descriptors at
> various stages.
>
> However, some requests are not delegated to user-land (see gadgetfs_setup()
> in gadget/legacy/in
On Fri, Aug 12, 2016 at 09:44:17PM +0300, Binyamin Sharet wrote:
> Hi,
>
> I'm using GadgetFs for USB host fuzzing (using umap2),
> and part of the fuzzing session is to send invalid descriptors at
> various stages.
>
> However, some requests are not delegated to user-land (see gadgetfs_setup()
>
Hi,
I'm using GadgetFs for USB host fuzzing (using umap2),
and part of the fuzzing session is to send invalid descriptors at
various stages.
However, some requests are not delegated to user-land (see gadgetfs_setup()
in gadget/legacy/inode.c),
Specifically - GET_DESCRIPTOR (device/configuration)
21 matches
Mail list logo
