[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20160308210013.15ee166d@lxorguk.ukuu.org.uk>
Date: Tue, 8 Mar 2016 21:00:13 +0000
From: One Thousand Gnomes <gnomes@...rguk.ukuu.org.uk>
To: Scott Bauer <sbauer@....utah.edu>
Cc: linux-kernel@...r.kernel.org, kernel-hardening@...ts.openwall.com,
x86@...nel.org, wmealing@...hat.com, ak@...ux.intel.com,
luto@...capital.net, Abhiram Balasubramanian <abhiram@...utah.edu>
Subject: Re: [PATCH v3 3/3] SROP mitigation: Add sysctl to disable SROP
protection.
On Tue, 8 Mar 2016 13:47:55 -0700
Scott Bauer <sbauer@....utah.edu> wrote:
> This patch adds a sysctl argument to disable SROP protection.
Shouldn't it be a sysctl to enable it irrevocably, otherwise if I have DAC
capability I can turn off SROP and attack something to get to higher
capability levels ?
(The way almost all distros are set up its kind of academic but for a
properly secured system it might matter).
Alan
Powered by blists - more mailing lists