[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 13 Feb 2017 09:51:28 -0800
From: Kees Cook <keescook@...omium.org>
To: James Morris <jmorris@...ei.org>
Cc: linux-security-module <linux-security-module@...r.kernel.org>,
"kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>
Subject: Re: [RFC PATCH 0/4] ro hardening for the security subsystem
On Sun, Feb 12, 2017 at 9:31 PM, James Morris <jmorris@...ei.org> wrote:
> Hi Folks,
>
> Please review/test these patches which add some read-only hardening to the
> security subsystem.
>
> In this series, the following are marked as __ro_after_init:
>
> - LSM hooks
> - Netfilter hooks used by security/
> - the default IMA rules
>
> I've also constified the SELinux Netlink permission tables, which will
> ensure they're located in an RO section.
A lot of the security subsystem is targeted during kernel write
exploits, so I think this is very nice change to have. Thanks for
doing this!
Acked-by: Kees Cook <keescook@...omium.org>
-Kees
--
Kees Cook
Pixel Security
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
