| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CA+55aFyEaNGLoSL2SJZkcvApPJQFo1mK9KW6g-_FdAm1KSqGEw@mail.gmail.com>
Date: Thu, 12 Apr 2018 09:52:54 -0700
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Justin Forbes <jmforbes@...uxtx.org>
Cc: Jordan Glover <Golden_Miller83@...tonmail.ch>,
David Howells <dhowells@...hat.com>,
linux-man <linux-man@...r.kernel.org>,
Linux API <linux-api@...r.kernel.org>,
James Morris <jmorris@...ei.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
LSM List <linux-security-module@...r.kernel.org>
Subject: Re: [PATCH 01/24] Add the ability to lock down access to the running
kernel image
On Thu, Apr 12, 2018 at 6:09 AM, Justin Forbes <jmforbes@...uxtx.org> wrote:
> On Wed, Apr 11, 2018, 5:38 PM Linus Torvalds
> <torvalds@...ux-foundation.org> wrote:
>>
>> So it's really the whole claim that distributions have been running
>> for this for the last five years that I wonder about, and how often
>> people end up being told: "just disable secure boot":.
>
> Very rarely in my experience.
Good. Do you have a handle on the reasons?
Because I'm assuming it's not /dev/{mem,kmem,port}? Because I'd really
be happier if we just say "those are legacy, don't enable them at all
for modern distros".
That way they'd _stay_ disabled even if somebody cannot handle the
other limitations, like DMA etc.
Linus
Powered by blists - more mailing lists