Date: Wed, 9 Mar 2016 22:36:21 -0800 From: Kees Cook <keescook@...omium.org> To: "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com> Cc: Scott Bauer <sbauer@....utah.edu>, LKML <linux-kernel@...r.kernel.org>, "x86@...nel.org" <x86@...nel.org>, wmealing@...hat.com, Andi Kleen <ak@...ux.intel.com>, Andy Lutomirski <luto@...capital.net>, Abhiram Balasubramanian <abhiram@...utah.edu> Subject: Re: Re: [PATCH v3 3/3] SROP mitigation: Add sysctl to disable SROP protection. On Tue, Mar 8, 2016 at 1:00 PM, One Thousand Gnomes <gnomes@...rguk.ukuu.org.uk> wrote: > On Tue, 8 Mar 2016 13:47:55 -0700 > Scott Bauer <sbauer@....utah.edu> wrote: > >> This patch adds a sysctl argument to disable SROP protection. > > Shouldn't it be a sysctl to enable it irrevocably, otherwise if I have DAC > capability I can turn off SROP and attack something to get to higher > capability levels ? > > (The way almost all distros are set up its kind of academic but for a > properly secured system it might matter). Perhaps use proc_dointvec_minmax_sysadmin instead to tie changes strictly to CAP_SYS_ADMIN? -Kees > > Alan -- Kees Cook Chrome OS & Brillo Security
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.