[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20150925071645.GA17385@gmail.com>
Date: Fri, 25 Sep 2015 09:16:45 +0200
From: Ingo Molnar <mingo@...nel.org>
To: Andy Lutomirski <luto@...capital.net>
Cc: Dave Hansen <dave@...1.net>, X86 ML <x86@...nel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"linux-mm@...ck.org" <linux-mm@...ck.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Peter Zijlstra <a.p.zijlstra@...llo.nl>,
Andy Lutomirski <luto@...nel.org>,
Borislav Petkov <bp@...en8.de>, Kees Cook <keescook@...gle.com>
Subject: Re: [PATCH 26/26] x86, pkeys: Documentation
* Andy Lutomirski <luto@...capital.net> wrote:
> This may mean that we want to have a way for binaries to indicate that they want
> their --x segments to be loaded with a particular protection key. The right way
> to do that might be using an ELF note, and I also want to use ELF notes to allow
> turning off vsyscalls, so maybe it's time to write an ELF note parser in the
> kernel.
That would be absolutely lovely for many other reasons as well, and we should also
add a tool to tools/ to edit/expand/shrink those ELF notes on existing systems.
I.e. make it really easy to augment security policies on an existing distro, using
any filesystem (not just ACL capable ones) and using the binary only. Linux
binaries could carry capabilities information, etc. etc.
Thanks,
Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists