| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 8 Sep 2013 17:38:13 +0000 From: Matthew Garrett <matthew.garrett@...ula.com> To: James Bottomley <James.Bottomley@...senPartnership.com> CC: Kees Cook <keescook@...omium.org>, Greg KH <gregkh@...uxfoundation.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "linux-efi@...r.kernel.org" <linux-efi@...r.kernel.org>, "hpa@...or.com" <hpa@...or.com> Subject: Re: [PATCH V3 08/11] kexec: Disable at runtime if the kernel enforces module loading restrictions On Sun, 2013-09-08 at 10:32 -0700, James Bottomley wrote: > On Sun, 2013-09-08 at 17:27 +0000, Matthew Garrett wrote: > > > It's an argument that CAP_SYS_BOOT is too powerful yes, but if you > > > recall, I said I keep that one. In the rather lame analogy, what I do > > > by giving away CAP_SYS_MODULE and enforcing module signing while keeping > > > CAP_SYS_BOOT is allow people into my conservatory to play with the > > > plants but not into my house to steal the silver ... saying CAP_SYS_BOOT > > > is too powerful doesn't affect that use case because I haven't given > > > away CAP_SYS_BOOT. > > > > Ok, sorry, I had your meaning inverted. Yes, permitting the loading of > > signed modules while preventing the use of kexec is a completely > > reasonable configuration - so reasonable that it's what this patch > > causes the kernel to do automatically. > > Well, no, it doesn't because with this patch, *I* can't use kexec ... > you've just locked me out of my own house. Hm. Ok, that's a more compelling argument than Greg's. Let me think about whether there's a convenient way of supporting this. -- Matthew Garrett <matthew.garrett@...ula.com>
Powered by blists - more mailing lists