Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 8 Dec 2019 06:36:40 +0000
From: Patrick Schleizer <>
Subject: Re: bug: LKRG kills VirtualBox host VMs

Solar Designer:
> As to your concerns on having an extra security-sensitive flag, we
> already have some other sysctl's that also affect LKRG in
> security-relevant ways.  I think we need to come up with a common
> approach and framework for protecting all of those flags from easy
> one-shot overwrites or/and making such overwrites ineffective (read-only
> pages or/and checking against a keyed hash or redundant copies), and
> use it for all of LKRG's security-sensitive rarely-changing variables.
> Right now, LKRG's approach to these issues is inconsistent: some
> settings are security-sensitive yet runtime configurable, and some
> others are compile-time only.  We need to make LKRG consistent.

Maybe a single call "sudo sysctl -w lkrg.fuse=1" could make all LKRG
settings ready-only until reboot? Before that, all settings are read/write?

I am also looking for a sysctl command to fuse all (not only LKRG)
sysctl settings, but I don't know if that would be overreaching LKRG's
scope. (Similar to linux "lockdown" feature.)

Kind regards,

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.