[<prev] [next>] [day] [month] [year] [list]
Message-Id: <201801120820.w0C8K9WC014594@wind.enjellic.com>
Date: Fri, 12 Jan 2018 02:20:09 -0600
From: "Dr. Greg Wettstein" <greg@...d.enjellic.com>
To: Alan Cox <gnomes@...rguk.ukuu.org.uk>,
Thomas Gleixner <tglx@...utronix.de>
Cc: Jon Masters <jcm@...hat.com>,
"Woodhouse, David" <dwmw@...zon.co.uk>,
Paolo Bonzini <pbonzini@...hat.com>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Andi Kleen <andi@...stfloor.org>,
Greg Kroah-Hartman <gregkh@...ux-foundation.org>,
Tim Chen <tim.c.chen@...ux.intel.com>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Dave Hansen <dave.hansen@...el.com>, Jeff Law <law@...hat.com>,
Nick Clifton <nickc@...hat.com>
Subject: Re: Avoid speculative indirect calls in kernel
On Jan 5, 12:12pm, Alan Cox wrote:
} Subject: Re: Avoid speculative indirect calls in kernel
Good morning to everyone, a bit behind on mail given everything which
has been going on.
> On Fri, 5 Jan 2018 01:54:13 +0100 (CET)
> Thomas Gleixner <tglx@...utronix.de> wrote:
>
> > On Thu, 4 Jan 2018, Jon Masters wrote:
> > > P.S. I've an internal document where I've been tracking "nice to haves"
> > > for later, and one of them is whether it makes sense to tag binaries as
> > > "trusted" (e.g. extended attribute, label, whatever). It was something I
> > > wanted to bring up at some point as potentially worth considering.
> >
> > Scratch that. There is no such thing as a trusted binary.
> There is if you are using signing and the like. I'm sure SELinux and
> friends will grow the ability to set per process policy but that's
> certainly not a priority.
>
> However the question is wrong. 'trusted' is a binary operator not a
> unary one.
Alan's observations are correct.
In our autonomous introspection work we apply the notion that
'trusted' is a binary characteristic of a context of execution (COE).
Its value is an expression of whether or not the information exchange
events it has been involved in have deviated from the desired
execution trajectory path of the system.
It is a decidedly different way of thinking about things. Most
importantly it is a namespaceable characteristic.
We have already written the futuristic LSM that Alan aludes to in
order to implement per COE security policies and forensics for
actors/COE's that have gone over to the 'dark side'.
> Alan
Have a good weekend.
Dr. Greg
}-- End of excerpt from Alan Cox
As always,
Dr. G.W. Wettstein, Ph.D. Enjellic Systems Development, LLC.
4206 N. 19th Ave. Specializing in information infra-structure
Fargo, ND 58102 development.
PH: 701-281-1686
FAX: 701-281-3949 EMAIL: greg@...ellic.com
------------------------------------------------------------------------------
"Given a choice between a complex, difficult-to-understand,
disconcerting explanation and a simplistic, comforting one, many
prefer simplistic comfort if it's remotely plausible, especially if it
involves blaming someone else for their problems."
-- Bob Lewis
_Infoworld_
Powered by blists - more mailing lists