| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 19 Mar 2013 18:02:53 -0700 From: "H. Peter Anvin" <hpa@...or.com> To: Matthew Garrett <matthew.garrett@...ula.com> CC: linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, linux-efi@...r.kernel.org, kexec@...ts.infradead.org, linux-pci@...r.kernel.org Subject: Re: [PATCH 01/12] Security: Add CAP_COMPROMISE_KERNEL On 03/18/2013 02:32 PM, Matthew Garrett wrote: > > This means we can return our focus to the kernel. There's currently a number > of kernel interfaces that permit privileged userspace to modify the running > kernel. These are currently protected by CAP_SYS_RAWIO, but unfortunately > the semantics of this capability are poorly defined and it now covers a large > superset of the desired behaviour. > ... except it doesn't. Looking at it in detail, EVERYTHING in CAP_SYS_RAWIO has the possibility of compromising the kernel, because they let device drivers be bypassed, which means arbitrary DMA, which means you have everything. Now, a lot of the abuses of CAP_SYS_RAWIO have clearly been added by people who had *no bloody clue* what that capability meant, but it really doesn't change the fact that pretty much if you have CAP_SYS_RAWIO you have the machine. So just reject CAP_SYS_RAWIO. -hpa -- H. Peter Anvin, Intel Open Source Technology Center I work for Intel. I don't speak on their behalf. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists