| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20140904165606.640df107@alan.etchedpixels.co.uk> Date: Thu, 4 Sep 2014 16:56:06 +0100 From: One Thousand Gnomes <gnomes@...rguk.ukuu.org.uk> To: "H. Peter Anvin" <h.peter.anvin@...el.com> Cc: Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Peter Zijlstra <peterz@...radead.org>, Ingo Molnar <mingo@...nel.org>, Thomas Gleixner <tglx@...utronix.de>, Matthew Garrett <mjg59@...f.ucam.org> Subject: Re: RFC: Tainting the kernel on raw I/O access On Wed, 03 Sep 2014 15:25:32 -0700 "H. Peter Anvin" <h.peter.anvin@...el.com> wrote: > On 09/03/2014 03:20 PM, One Thousand Gnomes wrote: > > > > If you just want some "detector bits" for bug report filtering them its > > quite a different need to fixing "secure" boot mode. Even in the detector > > bits case there should be an overall plan and some defined properties > > that provide the security and which you can show should always be true. > > > > As far as I'm concerning this is just a set of "detector bits". My > observation was simply that this is a *subset* of what "secure boot" > will eventually need. I think that observation is untrue. The only partially overap. > (As far as I'm concerned, I'd be happy tainting the kernel for any > operation that requires CAP_RAWIO, but maybe that is too extreme.) You can't then for example format some types of disk in your data center. Alan -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists