| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20120726142514.GA32158@lizard> Date: Thu, 26 Jul 2012 07:25:14 -0700 From: Anton Vorontsov <anton.vorontsov@...aro.org> To: Jason Wessel <jason.wessel@...driver.com> Cc: Andrew Morton <akpm@...ux-foundation.org>, Steven Rostedt <rostedt@...dmis.org>, John Stultz <john.stultz@...aro.org>, arve@...roid.com, linux-kernel@...r.kernel.org, linaro-kernel@...ts.linaro.org, patches@...aro.org, kernel-team@...roid.com, kgdb-bugreport@...ts.sourceforge.net Subject: [PATCH 0/7] KDB: Kiosk (reduced capabilities) mode Hi all, Here is a patchset that implements "kiosk" mode for KDB debugger. The mode provides reduced set of features, so that it is no longer possible to leak sensitive data via the debugger, and not possible to change program flow in a predefined manner. The are two use-cases for the mode, one is evil, but another is quite legitimate. The evil use case is used by some (ahem) phone manufaturers that want to have a debuging facilities on a production device, but still don't want you to use the debugger to gain root access. I don't like locked phones, and I would not touch this/get my hands dirty by implementing the feature just for this evil (IMHO) use case. But there is another non-evil use case: limitting access to public devices, i.e. "kiosks", ATMs (is that too much?) or just public computers w/ guest access. I can imagine that an administrator would want to setup a kernel so that upon an oops (or a sysrq event) the kernel would enter KDB, but at the same time, he would not want to leak sensitive data from the PC by means of the debugger. There are seven patches, the first five of them are just cleanups and preparations. I believe these five patches are good even if not considering the kiosk mode. And the rest of patches actually implement the mode -- it is pretty straightforward. Note that we might impelement the same mode for KGDB stub, but so far we don't bother. Thanks! -- include/linux/kdb.h | 16 ++-- kernel/debug/kdb/kdb_bp.c | 35 ++++---- kernel/debug/kdb/kdb_main.c | 183 +++++++++++++++++++++------------------- kernel/debug/kdb/kdb_private.h | 3 +- kernel/trace/trace_kdb.c | 4 +- 5 files changed, 126 insertions(+), 115 deletions(-) -- Anton Vorontsov Email: cbouatmailru@...il.com -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists