| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1386634788.24817.46.camel@rhapsody> Date: Mon, 09 Dec 2013 17:19:48 -0700 From: Khalid Aziz <khalid@...ehiking.org> To: Kees Cook <keescook@...omium.org> Cc: linux-kernel@...r.kernel.org, Matthew Garrett <matthew.garrett@...ula.com>, Rik van Riel <riel@...hat.com>, Peter Zijlstra <peterz@...radead.org>, kexec@...ts.infradead.org, Eric Biederman <ebiederm@...ssion.com>, Andrew Morton <akpm@...ux-foundation.org>, Ingo Molnar <mingo@...nel.org>, Vivek Goyal <vgoyal@...hat.com>, Mel Gorman <mgorman@...e.de> Subject: Re: [PATCH] kexec: add sysctl to disable kexec On Mon, 2013-12-09 at 15:38 -0800, Kees Cook wrote: > For general-purpose (i.e. distro) kernel builds it makes sense to build with > CONFIG_KEXEC to allow end users to choose what kind of things they want to do > with kexec. However, in the face of trying to lock down a system with such > a kernel, there needs to be a way to disable kexec (much like module loading > can be disabled). Without this, it is too easy for the root user to modify > kernel memory even when CONFIG_STRICT_DEVMEM and modules_disabled are set. > > Signed-off-by: Kees Cook <keescook@...omium.org> Giving Sys admins more control to secure their system is a good idea. This addition looks good to me. -- Khalid -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists