lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Fri, 15 Mar 2019 09:09:45 -0700
From:   Kees Cook <>
To:     Andrea Arcangeli <>
Cc:     Paolo Bonzini <>, Peter Xu <>,
        Mike Kravetz <>,
        LKML <>,
        Hugh Dickins <>,
        Luis Chamberlain <>,
        Maxime Coquelin <>,
        KVM <>, Jerome Glisse <>,
        Pavel Emelyanov <>,
        Johannes Weiner <>,
        Martin Cracauer <>,
        Denis Plotnikov <>,
        Linux-MM <>,
        Marty McFadden <>,
        Maya Gokhale <>,
        Mike Rapoport <>,
        Mel Gorman <>,
        "Kirill A . Shutemov" <>,
        "" <>,
        "Dr . David Alan Gilbert" <>,
        Andrew Morton <>
Subject: Re: [PATCH 0/3] userfaultfd: allow to forbid unprivileged users

On Thu, Mar 14, 2019 at 9:16 AM Andrea Arcangeli <> wrote:
> So this will be for who's paranoid and prefers to disable userfaultfd
> as a whole as an hardening feature like the bpf sysctl allows: it will
> allow to block uffd syscall without having to rebuild the kernel with
> CONFIG_USERFAULTFD=n in environments where seccomp cannot be easily
> enabled (i.e. without requiring userland changes).
> That's very fine with me, but then it wasn't me complaining in the
> first place. Kees?

I'm fine with a boolean. I just wanted to find a way to disable at
runtime (so distro users had it available to them).

Kees Cook

Powered by blists - more mailing lists