| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 6 Mar 2011 11:36:24 -0800 (PST) From: david@...g.hm To: Vasiliy Kulikov <segoon@...nwall.com> cc: linux-kernel@...r.kernel.org, security@...nel.org, Len Brown <len.brown@...el.com>, Pavel Machek <pavel@....cz>, "Rafael J. Wysocki" <rjw@...k.pl>, linux-pm@...ts.linux-foundation.org Subject: Re: [PATCH] power: disable hibernation if module loading is disabled On Fri, 4 Mar 2011, Vasiliy Kulikov wrote: > If /proc/sys/kernel/modules_disabled is set to 1, then nobody (even full > root) may not read/write arbitrary kernel memory. In spite of it, > hibernation allows anyone with an access to either /dev/snapshot or > /sys/power/ make the full snapshot of the system. This snapshot may be > freely changed and uploaded back. given that the user can boot a different OS entirely and modify the stored image, I don't see how this can work, even conceptually. and tieing anything modules related to hibernation is just wrong, you are mixing completely different concepts (even if the implementation happens to be similar) David Lang -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists