lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 11 Oct 2013 13:44:19 -0700
From:	ebiederm@...ssion.com (Eric W. Biederman)
To:	Matthew Garrett <mjg59@...f.ucam.org>
Cc:	Richard Weinberger <richard@....at>,
	Richard Weinberger <richard.weinberger@...il.com>,
	Vivek Goyal <vgoyal@...hat.com>,
	Daniel Kiper <daniel.kiper@...cle.com>, hbabu@...ibm.com,
	"H. Peter Anvin" <hpa@...ux.intel.com>,
	Kees Cook <keescook@...omium.org>, kexec@...ts.infradead.org,
	LKML <linux-kernel@...r.kernel.org>, david.vrabel@...rix.com,
	jbeulich@...e.com, keir@....org, xen-devel@...ts.xen.org
Subject: Re: kexec: Clearing registers just before jumping into purgatory

Matthew Garrett <mjg59@...f.ucam.org> writes:

> On Fri, Oct 11, 2013 at 06:59:41PM +0200, Richard Weinberger wrote:
>> Am 11.10.2013 18:55, schrieb Matthew Garrett:
>> > On Fri, Oct 11, 2013 at 06:47:19PM +0200, Richard Weinberger wrote:
>> > 
>> >> But you still need a magic tool which create you this list.
>> > 
>> > I just read /proc/kallsyms. I'm really not doing anything complicated.
>> > 
>> >> If you have a tool which takes two kernel images and create such
>> >> a delta, fine.
>> > 
>> > Isn't that ksplice?
>> 
>> So, you have a variant of ksplice which is able to kexec?
>
> No, I manually look up some addresses from /proc/kallsyms and then 
> modify them in the second kernel.

An interesting approach I think most of the rest of us would have just
built a module, or rebuilt our kernels.

Now if this is a backwards argument to remove that silly code path it
totally fails because now we know the code has not bit-rotted and
that there are active users.

If you are still pushing the signed-boot agenda I eagerly await your
patches to make all of this work in a sensible way with signed binaries.

Eric

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ