| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <202005091159.A317BEFF@keescook>
Date: Sat, 9 May 2020 11:59:10 -0700
From: Kees Cook <keescook@...omium.org>
To: Rafael Aquini <aquini@...hat.com>
Cc: linux-kernel@...r.kernel.org, linux-doc@...r.kernel.org,
kexec@...ts.infradead.org, linux-fsdevel@...r.kernel.org,
dyoung@...hat.com, bhe@...hat.com, corbet@....net,
mcgrof@...nel.org, akpm@...ux-foundation.org, cai@....pw,
rdunlap@...radead.org, tytso@....edu, bunk@...nel.org,
torvalds@...ux-foundation.org, gregkh@...uxfoundation.org,
labbott@...hat.com, jeffm@...e.com, jikos@...nel.org, jeyu@...e.de,
tiwai@...e.de, AnDavis@...e.com, rpalethorpe@...e.de
Subject: Re: [PATCH v3] kernel: add panic_on_taint
On Sat, May 09, 2020 at 09:57:37AM -0400, Rafael Aquini wrote:
> Analogously to the introduction of panic_on_warn, this patch
> introduces a kernel option named panic_on_taint in order to
> provide a simple and generic way to stop execution and catch
> a coredump when the kernel gets tainted by any given taint flag.
>
> This is useful for debugging sessions as it avoids rebuilding
> the kernel to explicitly add calls to panic() or BUG() into
> code sites that introduce the taint flags of interest.
> Another, perhaps less frequent, use for this option would be
> as a mean for assuring a security policy (in paranoid mode)
> case where no single taint is allowed for the running system.
>
> Suggested-by: Qian Cai <cai@....pw>
> Signed-off-by: Rafael Aquini <aquini@...hat.com>
Reviewed-by: Kees Cook <keescook@...omium.org>
--
Kees Cook
Powered by blists - more mailing lists