Linux also affected by hole in Ralink's Wi-fi driver (heise online)

Ralink Wi-fi drivers have a flaw that may lead to arbitrary code execution on Linux boxes, as reported by heise online. "The flaw discovered in Ralink's Wi-fi drivers for Windows last weekend also affects the Linux drivers – as already suspected. Attackers can exploit the hole to crash a computer remotely or possibly even inject and execute arbitrary code. Debian has released new packages for the rt2400, rt2500 and rt2570 models, but the packages need to be compiled by the user for the time being." Other distributions are undoubtedly vulnerable as well.

Re: Linux also affected by hole in Ralink's Wi-fi driver (heise online)

Posted Jan 30, 2009 0:38 UTC (Fri) by kmeyer (guest, #50720) [Link]

These are the out-of-tree Ralink drivers, right? So "Linux" isn't affected by this bug at all.

Re: Linux also affected by hole in Ralink's Wi-fi driver (heise online)

Posted Jan 30, 2009 1:00 UTC (Fri) by tetromino (subscriber, #33846) [Link]

> So "Linux" isn't affected by this bug at all.

The vanilla Linux kernel isn't. Linux (the operating system*) is. A security hole in a popular out-of-tree driver, just like a security hole in a popular userspace package or library, is still a security hole in the OS.

* Even if you believe that the OS should be called GNU/Linux, most of the rest of the world, including the author and the intended audience of the heise online article, use the name "Linux" to refer to the entire OS.

Re: Linux also affected by hole in Ralink's Wi-fi driver (heise online)

Posted Jan 30, 2009 1:05 UTC (Fri) by kmeyer (guest, #50720) [Link]

> The vanilla Linux kernel isn't. Linux (the operating system*) is. A
> security hole in a popular out-of-tree driver, just like a security hole
> in a popular userspace package or library, is still a security hole in
> the OS.

Yes, I meant the vanilla kernel.

Re: Linux also affected by hole in Ralink's Wi-fi driver (heise online)

Posted Feb 5, 2009 8:53 UTC (Thu) by trasz (guest, #45786) [Link]

Nobody cares about the "vanilla kernel", as it's not even able to boot, due to missing init(8). Linux, as an operating system, _is_ affected.

Re: Linux also affected by hole in Ralink's Wi-fi driver (heise online)

Posted Jan 30, 2009 14:58 UTC (Fri) by dgm (subscriber, #49227) [Link]

Out of tree drivers are for a reason, usually because of poor code quality. How can you consider a bug in such code a Linux bug?

Re: Linux also affected by hole in Ralink's Wi-fi driver (heise online)

Posted Feb 2, 2009 10:42 UTC (Mon) by regala (subscriber, #15745) [Link]

a driver can be out-of-tree for way more reasons than just poor-quality-code...

Re: Linux also affected by hole in Ralink's Wi-fi driver (heise online)

Posted Jan 30, 2009 1:02 UTC (Fri) by jwb (guest, #15467) [Link]

There is a driver for the rt2870 in Linus' kernel tree, but the report doesn't mention that hardware.

Re: Linux also affected by hole in Ralink's Wi-fi driver (heise online)

Posted Jan 30, 2009 1:41 UTC (Fri) by BenHutchings (subscriber, #37955) [Link]

I'm one of the Debian maintainers for the affected drivers. Based on my inspection of the code for each of the Ralink drivers, I believe that the rt2860 driver does not have this particular bug. The bug involves inconsistent treatment of a byte as signed or unsigned, and rt2860 treats it consistently as unsigned. The rt61 and rt73 drivers are affected, but rt61 is not in Debian and rt73 is not in the current stable distribution (etch).

Re: Linux also affected by hole in Ralink's Wi-fi driver (heise online)

Posted Jan 30, 2009 1:45 UTC (Fri) by BenHutchings (subscriber, #37955) [Link]

I actually looked at rt2860, not rt2870, which is not in Debian yet. However rt2870 also consistently uses unsigned.
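The bug class described in the two comments above (a byte checked under one signedness and used under the other), as an added example that is not the Ralink driver code or anything posted in this thread. It assumes the byte is a length field in a constructed type/length/value record; `FIELD_MAX` and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 32 /* constructed destination size */

/* Flawed pattern: bounds check on a signed view of the length byte, use on
 * an unsigned view. Returns the byte count a copy would use, or -1 if the
 * check rejects it. No copy is performed here. */
int flawed_checked_len(uint8_t raw)
{
    signed char len = (signed char)raw; /* 0x80..0xFF read as negative */
    if (len > FIELD_MAX)                /* e.g. -1 > 32 is false */
        return -1;
    return (unsigned char)len;          /* copy size seen as 0..255 */
}

/* Consistent unsigned handling, checked against both buffers. */
int safe_copy_field(uint8_t *dst, size_t dst_size,
                    const uint8_t *rec, size_t rec_size)
{
    if (rec_size < 2)
        return -1;
    uint8_t len = rec[1];
    if ((size_t)len > dst_size || (size_t)len + 2 > rec_size)
        return -1;
    memcpy(dst, rec + 2, len);
    return len;
}

/* Constructed record: type 0, the given length byte, zero-filled value. */
int demo_safe(uint8_t len_byte)
{
    uint8_t rec[2 + 255] = {0};
    uint8_t dst[FIELD_MAX];
    rec[1] = len_byte;
    return safe_copy_field(dst, sizeof dst, rec, sizeof rec);
}

int main(void)
{
    printf("len 0xFF: flawed=%d safe=%d\n", flawed_checked_len(0xFF), demo_safe(0xFF));
    printf("len 0x04: flawed=%d safe=%d\n", flawed_checked_len(0x04), demo_safe(0x04));
    return 0;
}
```

The flawed check only rejects lengths 33 to 127; every value from 0x80 upward passes it and would reach the copy as 128 to 255 bytes.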

Re: Linux also affected by hole in Ralink's Wi-fi driver (heise online)

Posted Jan 30, 2009 9:39 UTC (Fri) by PO8 (guest, #41661) [Link]

Thanks much, Ben, for the clear and quick status report, and for a great example of why open source is so great!

Re: Linux also affected by hole in Ralink's Wi-fi driver (heise online)

Posted Jan 30, 2009 19:01 UTC (Fri) by nhippi (subscriber, #34640) [Link]

> I'm one of the Debian maintainers for the affected drivers

Debian is supposedly all about quality, yet, for some bizarre reason it is still preferred to wrap out-of-mainline crap drivers in nice and shiny lintian clean packages. It might be well packaged, but it's still just a well packaged TURD.

Instead, distros should move the manpower from packaging out-of-tree drivers into getting the drivers into mainline-level quality and merging it to their distros via the mainline kernel. Yes it's harder, but it's also much much more rewarding - and your users deserve high quality drivers, right?

Re: Linux also affected by hole in Ralink's Wi-fi driver (heise online)

Posted Feb 2, 2009 10:54 UTC (Mon) by regala (subscriber, #15745) [Link]

> Debian is supposedly all about quality, yet, for some bizarre reason it is
> still preferred to wrap out-of-mainline crap drivers in nice and shiny
> lintian clean packages. It might be well packaged, but it's still just a
> well packaged TURD.

so nice of you...

> Instead, distros should move the manpower from packaging out-of-tree
> drivers into getting the drivers into mainline-level quality and merging
> it to their distros via the mainline kernel. Yes it's harder, but it's
> also much much more rewarding - and your users deserve high quality
> drivers, right?

Getting a driver into mainline-level quality requires more skills than just Debian packaging skills.
First, stating that an out-of-tree driver has to be poor in quality is simply wrong: some upstream maintainers choose not to try to include their code in mainline for whatever reasons and some out-of-tree drivers are really well-written code. Second, some packagers may try and do so, but the fact that it is not included does not mean the package (and the packager) is crap. so easy to criticize, if you want something, instead of whining -- because it's what it is, rude and mean -- just do it yourself.

Re: Linux also affected by hole in Ralink's Wi-fi driver (heise online)

Posted Feb 5, 2009 2:54 UTC (Thu) by BenHutchings (subscriber, #37955) [Link]

"Debian is supposedly all about quality, yet, for some bizarre reason it is still preferred to wrap out-of-mainline crap drivers in nice and shiny lintian clean packages. It might be well packaged, but it's still just a well packaged TURD."

True in many cases, yes.

"Instead, distros should move the the manpower from packaging out-of-tree drivers into getting the drivers into mainline-level quality and merging it to their distros via the mainline kernel. Yes it's harder, but it's also much much more rewarding - and your users deserve high quality drivers, right?"

That requires quite different skills - which I did not have when I took on this maintainership, and which many Debian package maintainers do not have. Today I am a kernel developer, but in the meantime these drivers have been completely rewritten for inclusion in Linux. Debian only retains the out-of-tree versions for those whose hardware may not be handled correctly by the in-tree drivers.

Re: Linux also affected by hole in Ralink's Wi-fi driver (heise online)

Posted Feb 5, 2009 4:36 UTC (Thu) by fjorba (subscriber, #6175) [Link]

rt61 is in Etch official linux-image-2.6.24-etchnhalf (thanks, Debian!)
$ lsmod | grep rt61
rt61pci                23232  0 
rt2x00pci              10048  1 rt61pci
rt2x00lib              20096  2 rt61pci,rt2x00pci
mac80211              115052  3 rt61pci,rt2x00pci,rt2x00lib
eeprom_93cx6            2336  1 rt61pci

Re: Linux also affected by hole in Ralink's Wi-fi driver (heise online)

Posted Jan 30, 2009 1:56 UTC (Fri) by undefined (guest, #40876) [Link]

since 2.6.24 there have been in-tree drivers for several ralink wireless chipsets, but those drivers are unaffected as they are not the drivers that were ported from windows.

the security flaw was first found in the windows drivers and is applicable to the ported linux drivers, known as "legacy" in the ralink linux community.

the windows drivers were "ported" to linux by ralink and can probably still be found hosted on their website. eventually "freed", the linux drivers were adopted by the community and maintained. eventually there was a decision to rewrite the drivers. these were the "beta" drivers and targeted the wireless driver frameworks (first intel's, then devicescape's). these drivers were accepted into the 2.6.24 kernel.

more history can be found at http://rt2x00.serialmonkey.com/wiki/index.php/History.

the announcement pertains to me (or at least did this morning ;-) because i run ubuntu 8.04 on a laptop with a rt2500 wireless card, which though it includes the 2.6.24 kernel with the in-tree rt2500 driver, that driver has a few glaring bugs, requiring me to use the legacy driver for any network stability.

this morning i "backported" the patched rt2500-source package from debian unstable to hardy and built the kernel module for the recently updated hardy kernel (not that it matters as the abi didn't change with the latest update) to close the security hole. i'm curious how ubuntu is going to handle this because the rt2500-source package is not in main, though i see it recommended over the buggy in-tree drivers present in hardy's kernel package. heck, the rt2500-source package in hardy doesn't even build against hardy's kernel due to SET_MODULE_OWNER macro being removed from the kernel but referenced in the driver's source, so hardy's rt2500-source package needs more than just a security update.

Re: Linux also affected by hole in Ralink's Wi-fi driver (heise online)

Posted Feb 2, 2009 19:18 UTC (Mon) by Felix.Braun (subscriber, #3032) [Link]

For those willing to live on the bleeding edge, I can say that the "beta" rt2x00 drivers are working quite fine for me since 2.6.29-rc. Even the long standing mysterious slow transmission rates have been fixed for me. So if you're used to compiling your own kernels / drivers anyway, you might want to give the newer versions a shot.

Re: Linux also affected by hole in Ralink's Wi-fi driver (heise online)

Posted Feb 16, 2009 21:06 UTC (Mon) by jhodgdon (guest, #56683) [Link]

I use the rt73usb driver that is in the Linux kernel tree (in directory drivers/net/wireless/rt2x00).

This is a "modified legacy" driver from the SerialMonkey project.

Is this driver affected by this security flaw? If so, can someone point me to a patch for this driver? I am comfortable compiling my own kernels, but I didn't see a pointer as to where the patches are.

Linux also affected by hole in Ralink's Wi-fi driver (heise online)

Posted Jan 30, 2009 15:56 UTC (Fri) by linville (subscriber, #31482) [Link]

When someone asks why we haven't simply accepted a vendor driver for
inclusion in the mainline kernel, they should remember this situation.
Obviously it is possible for community code to have bugs as well, even
security bugs. But vendor-provided code is notorious for such things,
probably due to a difference in perspective of how code should be
developed...

Some note the existence of the rt2860 and rt2870 drivers in the current
tree. Please note that they are in the "staging" subtree, also known as
the "crap" tree. These are not community-developed (or -accepted)
drivers and are there only as a stopgap for desperate users. If you have
hardware that needs to use "staging" drivers I sympathize with you, but
you should beware that you are not getting top-quality stuff. Caveat
emptor.

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds