Re: [PATCH 18/27] bpf: Restrict kernel image access functions when the kernel is locked down

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: jlee@xxxxxxxx
Subject: Re: [PATCH 18/27] bpf: Restrict kernel image access functions when the kernel is locked down
From: David Howells <dhowells@xxxxxxxxxx>
Date: Fri, 20 Oct 2017 17:03:22 +0100
Cc: dhowells@xxxxxxxxxx, Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx>, linux-security-module@xxxxxxxxxxxxxxx, gnomes@xxxxxxxxxxxxxxxxxxx, linux-efi@xxxxxxxxxxxxxxx, matthew.garrett@xxxxxxxxxx, gregkh@xxxxxxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, jforbes@xxxxxxxxxx, Daniel Borkmann <daniel@xxxxxxxxxxxxx>, "David S. Miller" <davem@xxxxxxxxxxxxx>, netdev@xxxxxxxxxxxxxxx, Gary Lin <GLin@xxxxxxxx>
Dmarc-filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 6873652748
In-reply-to: <20171020155748.kzrvg6565oxh6gmb@linux-rasp2>
Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 3798903

jlee@xxxxxxxx wrote:

> I think that we don't need to lock down sys_bpf() now because
> we didn't lock down other interfaces for reading arbitrary
> address like /dev/mem and /dev/kmem.

Ummm...  See patch 4.  You even gave me a Reviewed-by for it ;-)

David
--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Follow-Ups:
- Re: [PATCH 18/27] bpf: Restrict kernel image access functions when the kernel is locked down
  - From: David Howells
- Re: [PATCH 18/27] bpf: Restrict kernel image access functions when the kernel is locked down
  - From: jlee

References:
- Re: [PATCH 18/27] bpf: Restrict kernel image access functions when the kernel is locked down
  - From: jlee
- Re: [PATCH 18/27] bpf: Restrict kernel image access functions when the kernel is locked down
  - From: joeyli
- [PATCH 00/27] security, efi: Add kernel lockdown
  - From: David Howells
- [PATCH 18/27] bpf: Restrict kernel image access functions when the kernel is locked down
  - From: David Howells
- Re: [PATCH 18/27] bpf: Restrict kernel image access functions when the kernel is locked down
  - From: Alexei Starovoitov
- Re: [PATCH 18/27] bpf: Restrict kernel image access functions when the kernel is locked down
  - From: David Howells

Prev by Date: Re: [PATCH 18/27] bpf: Restrict kernel image access functions when the kernel is locked down
Next by Date: Re: [PATCH 18/27] bpf: Restrict kernel image access functions when the kernel is locked down
Previous by thread: Re: [PATCH 18/27] bpf: Restrict kernel image access functions when the kernel is locked down
Next by thread: Re: [PATCH 18/27] bpf: Restrict kernel image access functions when the kernel is locked down
Index(es):
- Date
- Thread

[Index of Archives] [Linux ARM Kernel] [Linux ARM] [Linux Omap] [Fedora ARM] [IETF Annouce] [Security] [Bugtraq] [Linux OMAP] [Linux MIPS] [ECOS] [Asterisk Internet PBX] [Linux API]