[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 29 Jul 2019 17:00:38 +1000
From: Daniel Axtens <dja@...ens.net>
To: Andrew Donnellan <ajd@...ux.ibm.com>, Christopher M Riedl <cmr@...ormatik.wtf>, linuxppc-dev@...abs.org, kernel-hardening@...ts.openwall.com
Cc: mjg59@...gle.com
Subject: Re: [RFC PATCH v2] powerpc/xmon: restrict when kernel is locked down
Hi Chris,
>>>> Remind me again why we need to clear breakpoints in integrity mode?
...
>> Integrity mode merely means we are aiming to prevent modifications to
>> kernel memory. IMHO leaving existing breakpoints in place is fine as
>> long as when we hit the breakpoint xmon is in read-only mode.
>>
...
> I think ajd is right.
>
> I think about it like this. There are 2 transitions:
>
> - into integrity mode
>
> Here, we need to go into r/o, but do not need to clear breakpoints.
> You can still insert breakpoints in readonly mode, so clearing them
> just makes things more irritating rather than safer.
>
> - into confidentiality mode
>
> Here we need to purge breakpoints and disable xmon completely.
Would you be able to send a v2 with these changes? (that is, not purging
breakpoints when entering integrity mode)
Regards,
Daniel
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
