https://bugzilla.novell.com/show_bug.cgi?id=210899 ------- Comment #12 from novell_alias@avongauss.info 2006-11-18 23:44 MST ------- Sorry for creating duplicate 222511 - not sure why the search on bugzilla.novell.com didn't return this ticket when searching for "CONFIG_USB_DEVICEFS". After reading the history on this ticket, it sounds like this has turned in to a closed source verses open source debate - I hope I'm wrong. In case I am wrong, here a couple of key points: The current release of the VMware products (Workstation 5.5.3/Server 1.0.1) still rely on the "/proc/bus/usb" construct to provide USB functionality to virtual machines. The belief and statements that VMware already has a fix or that an upgraded version is currently available is inaccurate. Users upgrading to SUSE 10.2 that use VMware products and rely on VM USB functionality will find that it will not work on SUSE 10.2 without rebuilding their kernel. The security concern with the "/proc/bus/usb" construct is valid. As mentioned previously SUSE addressed this concern by changing the default behavior of the system to no longer mount the usbfs automatically, thus mitigating the exposure. Support for usbfs has not been dropped from the offical Linux kernel tree. As the security concern only comes in to play when the "filesystem" is mounted, logically the best compromise and resolution at the moment seems to be to continue the methodology established with SUSE 10.1 which is to include USB_DEVICEFS support in the kernel build and by default to not auto-mount the usbfs filesystem. That way users have a choice and are not forced to rebuild a kernel manually. Unless there is a security issue with just having USB_DEVICEFS support built in to the kernel, the decision to remove it at this point seems to be arbitrary. I don't believe anybody would expect SUSE to "support" third-party applications, but as an operating system vendor I would like to think compatibility with existing applications would always be a concern especially when releasing a new version of the operating system platform. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.