lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 27 Mar 2019 09:55:20 -0700 From: Matthew Garrett <mjg59@...gle.com> To: Steven Rostedt <rostedt@...dmis.org> Cc: James Morris <jmorris@...ei.org>, LSM List <linux-security-module@...r.kernel.org>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, David Howells <dhowells@...hat.com>, Linux API <linux-api@...r.kernel.org>, Andy Lutomirski <luto@...nel.org>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...nel.org>, "H. Peter Anvin" <hpa@...or.com>, x86@...nel.org Subject: Re: [PATCH V31 19/25] x86/mmiotrace: Lock down the testmmiotrace module On Wed, Mar 27, 2019 at 8:57 AM Steven Rostedt <rostedt@...dmis.org> wrote: > > On Tue, 26 Mar 2019 11:27:35 -0700 > Matthew Garrett <matthewgarrett@...gle.com> wrote: > > > From: David Howells <dhowells@...hat.com> > > > > The testmmiotrace module shouldn't be permitted when the kernel is locked > > down as it can be used to arbitrarily read and write MMIO space. This is > > a runtime check rather than buildtime in order to allow configurations > > where the same kernel may be run in both locked down or permissive modes > > depending on local policy. > > > > Acked-by: Steven Rostedt (VMware) <rostedt@...dmis.org> > > I'm curious. Should there be a mode to lockdown the tracefs directory > too? As that can expose addresses. That sounds like a reasonable thing to do in the confidentiality mode, I don't think it'd be necessary in the integrity mode.
Powered by blists - more mailing lists