Date: Mon, 29 Jul 2019 17:00:38 +1000
From: Daniel Axtens <dja@...ens.net>
To: Andrew Donnellan <ajd@...ux.ibm.com>, Christopher M Riedl <cmr@...ormatik.wtf>, linuxppc-dev@...abs.org, kernel-hardening@...ts.openwall.com
Cc: mjg59@...gle.com
Subject: Re: [RFC PATCH v2] powerpc/xmon: restrict when kernel is locked down

Hi Chris,

>>>> Remind me again why we need to clear breakpoints in integrity mode?
...
>> Integrity mode merely means we are aiming to prevent modifications to
>> kernel memory. IMHO leaving existing breakpoints in place is fine as
>> long as when we hit the breakpoint xmon is in read-only mode.
>> ...
> I think ajd is right.
>
> I think about it like this. There are 2 transitions:
>
> - into integrity mode
>
>   Here, we need to go into r/o, but do not need to clear breakpoints.
>   You can still insert breakpoints in readonly mode, so clearing them
>   just makes things more irritating rather than safer.
>
> - into confidentiality mode
>
>   Here we need to purge breakpoints and disable xmon completely.

Would you be able to send a v2 with these changes? (that is, not purging
breakpoints when entering integrity mode)

Regards,
Daniel