| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <877ev2rnt1.fsf@linux.vnet.ibm.com>
Date: Tue, 07 Nov 2017 15:39:06 -0200
From: Thiago Jung Bauermann <bauerman@...ux.vnet.ibm.com>
To: David Howells <dhowells@...hat.com>
Cc: linux-security-module@...r.kernel.org, gnomes@...rguk.ukuu.org.uk,
linux-efi@...r.kernel.org, matthew.garrett@...ula.com,
gregkh@...uxfoundation.org, linux-kernel@...r.kernel.org,
jforbes@...hat.com
Subject: Re: [PATCH 02/27] Add a SysRq option to lift kernel lockdown
Hello David,
David Howells <dhowells@...hat.com> writes:
> +static struct sysrq_key_op lockdown_lift_sysrq_op = {
> + .handler = sysrq_handle_lockdown_lift,
> + .help_msg = "unSB(x)",
> + .action_msg = "Disabling Secure Boot restrictions",
> + .enable_mask = SYSRQ_DISABLE_USERSPACE,
> +};
> +
> +static int __init lockdown_lift_sysrq(void)
> +{
> + if (kernel_locked_down) {
> + lockdown_lift_sysrq_op.help_msg[5] = LOCKDOWN_LIFT_KEY;
> + register_sysrq_key(LOCKDOWN_LIFT_KEY, &lockdown_lift_sysrq_op);
> + }
> + return 0;
> +}
> +
> +late_initcall(lockdown_lift_sysrq);
> +
> +#endif /* CONFIG_ALLOW_LOCKDOWN_LIFT_BY_KEY */
On non-x86 platforms (tested on powerpc) this fails to build with:
security/lock_down.c: In function ‘lockdown_lift_sysrq’:
security/lock_down.c:100:40: error: ‘LOCKDOWN_LIFT_KEY’ undeclared (first use in this function)
lockdown_lift_sysrq_op.help_msg[5] = LOCKDOWN_LIFT_KEY;
^~~~~~~~~~~~~~~~~
security/lock_down.c:100:40: note: each undeclared identifier is reported only once for each function it appears in
--
Thiago Jung Bauermann
IBM Linux Technology Center
Powered by blists - more mailing lists