| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 8 Sep 2013 17:27:32 +0000 From: Matthew Garrett <matthew.garrett@...ula.com> To: James Bottomley <James.Bottomley@...senPartnership.com> CC: Kees Cook <keescook@...omium.org>, Greg KH <gregkh@...uxfoundation.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "linux-efi@...r.kernel.org" <linux-efi@...r.kernel.org>, "hpa@...or.com" <hpa@...or.com> Subject: Re: [PATCH V3 08/11] kexec: Disable at runtime if the kernel enforces module loading restrictions > It's an argument that CAP_SYS_BOOT is too powerful yes, but if you > recall, I said I keep that one. In the rather lame analogy, what I do > by giving away CAP_SYS_MODULE and enforcing module signing while keeping > CAP_SYS_BOOT is allow people into my conservatory to play with the > plants but not into my house to steal the silver ... saying CAP_SYS_BOOT > is too powerful doesn't affect that use case because I haven't given > away CAP_SYS_BOOT. Ok, sorry, I had your meaning inverted. Yes, permitting the loading of signed modules while preventing the use of kexec is a completely reasonable configuration - so reasonable that it's what this patch causes the kernel to do automatically. -- Matthew Garrett <matthew.garrett@...ula.com>
Powered by blists - more mailing lists