Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 9 Mar 2016 22:46:46 -0800
From: Andy Lutomirski <>
To: Kees Cook <>
Cc: "" <>, Scott Bauer <>, 
	LKML <>, "" <>,, 
	Andi Kleen <>, Abhiram Balasubramanian <>
Subject: Re: Re: [PATCH v3 3/3] SROP mitigation: Add sysctl
 to disable SROP protection.

On Wed, Mar 9, 2016 at 10:36 PM, Kees Cook <> wrote:
> On Tue, Mar 8, 2016 at 1:00 PM, One Thousand Gnomes
> <> wrote:
>> On Tue,  8 Mar 2016 13:47:55 -0700
>> Scott Bauer <> wrote:
>>> This patch adds a sysctl argument to disable SROP protection.
>> Shouldn't it be a sysctl to enable it irrevocably, otherwise if I have DAC
>> capability I can turn off SROP and attack something to get to higher
>> capability levels ?
>> (The way almost all distros are set up its kind of academic but for a
>> properly secured system it might matter).
> Perhaps use proc_dointvec_minmax_sysadmin instead to tie changes
> strictly to CAP_SYS_ADMIN?

I don't see why this needs to be irrevocable.  If you have
CAP_SYS_ADMIN or write access to /proc or whatever, you can do much
worse things than turning off a user-level mitigation.  For example,
you can ptrace things.  Also, you're already root, so what's the


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.