| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1363798166.2553.29.camel@x230.sbx07502.somerma.wayport.net> Date: Wed, 20 Mar 2013 16:49:26 +0000 From: Matthew Garrett <matthew.garrett@...ula.com> To: Mimi Zohar <zohar@...ux.vnet.ibm.com> CC: James Morris <jmorris@...ei.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "linux-security-module@...r.kernel.org" <linux-security-module@...r.kernel.org>, "linux-efi@...r.kernel.org" <linux-efi@...r.kernel.org>, "kexec@...ts.infradead.org" <kexec@...ts.infradead.org>, "linux-pci@...r.kernel.org" <linux-pci@...r.kernel.org> Subject: Re: [PATCH 01/12] Security: Add CAP_COMPROMISE_KERNEL On Wed, 2013-03-20 at 12:41 -0400, Mimi Zohar wrote: > Matthrew, perhaps you could clarify whether this will be tied to MAC > security. Based on the kexec thread, I'm under the impression that is > not the intention, or at least not for kexec. As root isn't trusted, > neither is the boot command line, nor any policy that is loaded by root, > including those for MAC. The work done on signed initramfs fragments would seem to be the best option here so far? -- Matthew Garrett | mjg59@...f.ucam.org
Powered by blists - more mailing lists