On Tue, Dec 10, 2013 at 11:14 AM, Vivek Goyal <vgoyal at redhat.com> wrote:
> On Tue, Dec 10, 2013 at 10:54:00AM -0800, H. Peter Anvin wrote:
>> On 12/10/2013 10:33 AM, Vivek Goyal wrote:
>> > On Tue, Dec 10, 2013 at 08:32:38AM -0800, H. Peter Anvin wrote:
>> >> Of course it isn't.
>> >
>> > I am not sure what you are trying to say. This is too brief.
>> >
>> > Thanks
>> > Vivek
>> >
>>
>> Of course it is not sufficient. Once you can get arbitrary code into
>> kernel space (CPL 0) you can do anything, and "disabling jump back" is
>> just a speed bump.
>
> Agreed that disabling jump back is only a speed bump.
>
> Kees, so how would we use this knob?
>
> - If I put it in some init script, then root will have permission to modify
>   and remove it.

Correct. Same applies to changing the kernel itself, yes. However, all
those options require a reboot, and unexpected system reboots should
signal a significant problem to a system owner. :) This is a big step
better than a silent kernel root kit getting installed.

> - Can one specify sysctl parameters on command line? If yes, then one
>   can disable this using kernel command line and in that case kdump will
>   be disabled too.

If they can be set on the command line, I'd like to know about it.
That would let me flip the bit even earlier, since I don't use kexec
at all (and don't need to wait until boot up is done).

-Kees

-- 
Kees Cook
Chrome OS Security