| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 9 Mar 2016 22:46:46 -0800 From: Andy Lutomirski <luto@...capital.net> To: Kees Cook <keescook@...omium.org> Cc: "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>, Scott Bauer <sbauer@....utah.edu>, LKML <linux-kernel@...r.kernel.org>, "x86@...nel.org" <x86@...nel.org>, wmealing@...hat.com, Andi Kleen <ak@...ux.intel.com>, Abhiram Balasubramanian <abhiram@...utah.edu> Subject: Re: [kernel-hardening] Re: [PATCH v3 3/3] SROP mitigation: Add sysctl to disable SROP protection. On Wed, Mar 9, 2016 at 10:36 PM, Kees Cook <keescook@...omium.org> wrote: > On Tue, Mar 8, 2016 at 1:00 PM, One Thousand Gnomes > <gnomes@...rguk.ukuu.org.uk> wrote: >> On Tue, 8 Mar 2016 13:47:55 -0700 >> Scott Bauer <sbauer@....utah.edu> wrote: >> >>> This patch adds a sysctl argument to disable SROP protection. >> >> Shouldn't it be a sysctl to enable it irrevocably, otherwise if I have DAC >> capability I can turn off SROP and attack something to get to higher >> capability levels ? >> >> (The way almost all distros are set up its kind of academic but for a >> properly secured system it might matter). > > Perhaps use proc_dointvec_minmax_sysadmin instead to tie changes > strictly to CAP_SYS_ADMIN? I don't see why this needs to be irrevocable. If you have CAP_SYS_ADMIN or write access to /proc or whatever, you can do much worse things than turning off a user-level mitigation. For example, you can ptrace things. Also, you're already root, so what's the point? --Andy
Powered by blists - more mailing lists