179325 – sys-kernel/hardened-sources: Request to include fbsplash

Bug 179325 - sys-kernel/hardened-sources: Request to include fbsplash

Summary: sys-kernel/hardened-sources: Request to include fbsplash

Status:	RESOLVED WONTFIX

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Hardened (show other bugs)
Hardware:	All Linux

Importance:	High enhancement (vote)
Assignee:	The Gentoo Linux Hardened Kernel Team (OBSOLETE)

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2007-05-21 15:05 UTC by Martin Väth
Modified:	2011-01-10 00:38 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Martin Väth 2007-05-21 15:05:19 UTC

It seems that newer versions of the fbsplash patch work flawlessly with the current hardened kernels, see http://forums.gentoo.org/viewtopic-t-559935.html

Since most patches from gentoo-sources are included into hardened-sources anyway, I request that also the fbsplash patch be included.

Comment 1 solar (RETIRED) gentoo-dev

2007-05-21 23:39:57 UTC

The chances of us including this are pretty slim to none on anything but a livecd.

Comment 2 solar (RETIRED) gentoo-dev

2007-05-21 23:40:26 UTC

Sorry I did not mean to close the bug. I'll let phreak close it when he is ready.

Comment 3 Christian Heim (RETIRED) gentoo-dev

2007-05-26 08:17:53 UTC

(In reply to comment #1)
> The chances of us including this are pretty slim to none on anything but a
> livecd.

As Ned already said, the chances are *very* slim. As I don't like to maintain a separate version besides the one in genpatches-2.6. hardened-sources is targeted to provide a *secure* environment for your applications, and by adding fbsplash we'd need to check fbsplash regularly for exploitable bugs.

Comment 4 Martin Väth 2007-05-26 08:58:47 UTC

When I had opened the bug, I was under the impression that including fbsplash is just a matter of auditing it once for security flaws and then taking the genpatches*.extra version. Of course, I had no idea how often fbsplash changes so that re-auditing would be necessary for each version. Sorry for the noise.

Comment 5 n3ph 2011-01-05 01:38:15 UTC

*bump*

Is this still (and will always be) state of the art?

Comment 6 Anthony Basile gentoo-dev

2011-01-05 12:34:58 UTC

I'm willing to consider this if: 1) it doesn't compromise security, 2) it doesn't mean a lot of extra maintenance.

fbsplash is nice but not necessary.

Comment 7 n3ph 2011-01-05 14:07:50 UTC

I am not very familiar with this stuff.. But i can't imagine how this could compromise security.. :?

Anyhow - It's just eye-candy - But it would be nice. I think you know what i mean....

Thx for attention

Comment 8 Anthony Basile gentoo-dev

2011-01-10 00:38:50 UTC

(In reply to comment #7)
> I am not very familiar with this stuff.. But i can't imagine how this could
> compromise security.. :?
> 
> Anyhow - It's just eye-candy - But it would be nice. I think you know what i
> mean....
> 
> Thx for attention
> 

I tried this and hit a kernel panic on amd64.  If you want to work on it and you get it going on recent hardened-sources, I'll be willing to put more time into this, but right now I've got more important issues to address.

Please reopen if you have a working patch and a brief howto.