Date: Tue, 8 Mar 2016 21:00:13 +0000 From: One Thousand Gnomes <gnomes@...rguk.ukuu.org.uk> To: Scott Bauer <sbauer@....utah.edu> Cc: linux-kernel@...r.kernel.org, kernel-hardening@...ts.openwall.com, x86@...nel.org, wmealing@...hat.com, ak@...ux.intel.com, luto@...capital.net, Abhiram Balasubramanian <abhiram@...utah.edu> Subject: Re: [PATCH v3 3/3] SROP mitigation: Add sysctl to disable SROP protection. On Tue, 8 Mar 2016 13:47:55 -0700 Scott Bauer <sbauer@....utah.edu> wrote: > This patch adds a sysctl argument to disable SROP protection. Shouldn't it be a sysctl to enable it irrevocably, otherwise if I have DAC capability I can turn off SROP and attack something to get to higher capability levels ? (The way almost all distros are set up its kind of academic but for a properly secured system it might matter). Alan
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.