| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 8 Sep 2013 17:15:42 +0000 From: Matthew Garrett <matthew.garrett@...ula.com> To: James Bottomley <James.Bottomley@...senPartnership.com> CC: Kees Cook <keescook@...omium.org>, Greg KH <gregkh@...uxfoundation.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "linux-efi@...r.kernel.org" <linux-efi@...r.kernel.org>, "hpa@...or.com" <hpa@...or.com> Subject: Re: [PATCH V3 08/11] kexec: Disable at runtime if the kernel enforces module loading restrictions On Sun, 2013-09-08 at 10:11 -0700, James Bottomley wrote: > That's not true if you look at the use cases. Distros use signed > modules to taint the kernel: insert an unsigned one and the kernel > taints; insert a properly signed one and it doesn't. They use it for > support to tell if you've been adhering to your contract. That use case > has nothing to do with security. That use case has nothing to do with this patch, either. It's completely unaffected. This only triggers if the kernel is configured to refuse the loading of unsigned modules. > The analogy is rubbish. I can give away CAP_SYS_MODULE and enforce what > modules those I've given the permission to can insert by signing them. > I keep CAP_SYS_BOOT, so they can't use kexec to subvert this. Yeah, that's a good argument for why capabilities are mostly pointless. If I have CAP_SYS_BOOT I can give myself any other capabilities. Why bother? -- Matthew Garrett <matthew.garrett@...ula.com>
Powered by blists - more mailing lists