Message-ID: <20110527093853.GI21386@elte.hu>
Date: Fri, 27 May 2011 11:38:53 +0200
From: Ingo Molnar <mingo@...e.hu>
To: Vivek Goyal <vgoyal@...hat.com>
Cc: Dan Rosenberg <drosenberg@...curity.com>,
Tony Luck <tony.luck@...il.com>, linux-kernel@...r.kernel.org,
davej@...hat.com, kees.cook@...onical.com, davem@...emloft.net,
eranian@...gle.com, torvalds@...ux-foundation.org,
adobriyan@...il.com, penberg@...nel.org, hpa@...or.com,
Arjan van de Ven <arjan@...radead.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Valdis.Kletnieks@...edu, pageexec@...email.hu
Subject: Re: [RFC][PATCH] Randomize kernel base address on boot

* Vivek Goyal <vgoyal@...hat.com> wrote:

> > Is it common to run kexec-tools as non-root? It may be necessary
> > to restrict this interface to root when randomization is used
> > (keep in mind nobody's going to force you to turn this on by
> > default, at least for the foreseeable future).
>
> kexec-tools runs as root. And I see that /proc/iomem permissions
> are also for root only. So it probably is a non-issue.

It might be an issue to keep in mind for later projects that try to
lock down root itself from being able to patch the kernel (other than
rebooting the box), using signed modules, disabled direct-ioport
access, and other hardened facilities.

Thanks,

Ingo