Re: [RFC] Second attempt at kernel secure boot support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Sep 21, 2012 at 03:55:28PM -0700, Eric W. Biederman wrote:

> 1) I don't see anything disabling kdb or kgdb.  If ever there
>    was a way to poke into the kernel and change things...

Is there any way to access them without having physical console access 
(either the system console or a serial console)? Physically-present 
attacks are kind of out of scope here.

> 2) You almost certainly want to disable module removal.  It is all to
>    easy to have races where that are not properly handled in the module
>    removal path.  I know I saw a bundle of those in debugfs the other
>    day.

I'm pretty reluctant to work around bugs like this. Disabling features 
certainly reduces the attack surface, but the aim is to only disable 
features that *by design* permit the modification of the kernel. Where 
it's possible to do so by exploiting bugs, we should be fixing the bugs.

> 3) And half seriously you probably want to disable mounting of
>    filesystems.  I believe I have heard it said the kernel has not been
>    vetted against a hostile root user mounting deliberately corrupted
>    filesystem images.

See (2). Not that you need to be root to trigger filesystem mounts, so 
this is also a user->kernel exploit. Those should be fixed.

-- 
Matthew Garrett | mjg59@xxxxxxxxxxxxx
--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux