| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20131221113845.GA9002@lst.de> Date: Sat, 21 Dec 2013 12:38:45 +0100 From: Torsten Duwe <duwe@....de> To: Kees Cook <keescook@...omium.org> Cc: "Eric W. Biederman" <ebiederm@...ssion.com>, Vivek Goyal <vgoyal@...hat.com>, Matthew Garrett <mjg59@...f.ucam.org>, Greg KH <greg@...ah.com>, LKML <linux-kernel@...r.kernel.org>, kexec@...ts.infradead.org, "H. Peter Anvin" <hpa@...or.com>, Peter Jones <pjones@...hat.com> Subject: Re: [PATCH 4/6] kexec: A new system call, kexec_file_load, for in kernel kexec On Fri, Dec 20, 2013 at 03:20:16PM -0800, Kees Cook wrote: > > If we're doing fd origin verification (not signatures), can't we > continue to use a regular bzImage? I imagine the verification function is separated from the new kexec. It gets passed the proposed new kernel file*, an optional signature file*, and maybe hints about the kernel format and system security state. With that function, you can do whatever you want. If you want to take an early positive exit due to the location of the new kernel, you're fine. Torsten -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists