On Wed, Aug 03, 2022 at 02:12:26PM +1000, Daniil Lunev wrote:
> Hello all
> To signal boost here. What can we do to advance the discussion on this
> topic? Can we move forward with the approach or are there any
> alternative suggestions how the desired behaviour can be achieved?
> Thanks,
> --Daniil
>
> On Tue, Jul 19, 2022 at 9:42 AM Daniil Lunev <dlunev@xxxxxxxxxxxx> wrote:
> >
> > We understand that if someone acquires root it is a game over. The intent of
> > this mechanism is to reduce the attack surface. The exposure might be a
> > certain system daemon that is exploited into accessing a wrong node in
> > the filesystem. And exposing modifiable system memory is a pathway for
> > further escalation and leaks of secrets. This is a defense in depth mechanism,
> > that is intended to make attackers' lives harder even if they find an
> > exploitable vulnerability.
> > We understand that in regular situations people may not want the behaviour,
> > that is why the mechanism is controlled via a side channel - if a message is
> > never sent - the behaviour is not altered.
> > --Daniil

This seems like an access control policy, which the Linux kernel already has a
lot of mechanisms for. Chrome OS already uses SELinux. Couldn't this be solved
by giving the device node an SELinux label that no one has permission to open?

- Eric