From: Solar Designer <solar@openwall.com>
To: Djalal Harouni <tixxdz@gmail.com>
Cc: linux-kernel <linux-kernel@vger.kernel.org>,
netdev@vger.kernel.org,
LSM List <linux-security-module@vger.kernel.org>,
kernel-hardening@lists.openwall.com,
Andy Lutomirski <luto@kernel.org>,
Kees Cook <keescook@chromium.org>,
Andrew Morton <akpm@linux-foundation.org>,
Rusty Russell <rusty@rustcorp.com.au>,
"Serge E. Hallyn" <serge@hallyn.com>,
Jessica Yu <jeyu@redhat.com>,
"David S. Miller" <davem@davemloft.net>,
James Morris <james.l.morris@oracle.com>,
Paul Moore <paul@paul-moore.com>,
Stephen Smalley <sds@tycho.nsa.gov>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
Ingo Molnar <mingo@kernel.org>,
Linux API <linux-api@vger.kernel.org>,
Dongsu Park <dpark@posteo.net>,
Casey Schaufler <casey@schaufler-ca.com>,
Jonathan Corbet <corbet@lwn.net>,
Arnaldo Carvalho de Melo <acme@redhat.com>,
Mauro Carvalho Chehab <mchehab@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Zendyani <zendyani@gmail.com>,
"open list:DOCUMENTATION" <linux-doc@vger.kernel.org>,
Al Viro <viro@zeniv.linux.org.uk>,
Ben Hutchings <ben.hutchings@codethink.co.uk>
Subject: Re: [kernel-hardening] [PATCH v4 next 0/3] modules: automatic module loading restrictions
Date: Mon, 22 May 2017 18:43:23 +0200 [thread overview]
Message-ID: <20170522164323.GA2048@openwall.com> (raw)
In-Reply-To: <CAEiveUdqfMk4+vLg6TaEJNSGwoQHxYq0P4aqZoL4i9GgR3Vdtw@mail.gmail.com>
On Mon, May 22, 2017 at 03:49:15PM +0200, Djalal Harouni wrote:
> On Mon, May 22, 2017 at 2:08 PM, Solar Designer <solar@openwall.com> wrote:
> > On Mon, May 22, 2017 at 01:57:03PM +0200, Djalal Harouni wrote:
> >> *) When modules_autoload_mode is set to (2), automatic module loading is
> >> disabled for all. Once set, this value can not be changed.
> >
> > What purpose does this securelevel-like property ("Once set, this value
> > can not be changed.") serve here? I think this mode 2 is needed, but
> > without this extra property, which is bypassable by e.g. explicitly
> > loaded kernel modules anyway (and that's OK).
>
> My reasoning about "Once set, this value can not be changed" is mainly for:
>
> If you have some systems where modules are not updated for any given
> reason, then the only one who will be able to load a module is an
> administrator, basically this is a shortcut for:
>
> * Apps/services can run with CAP_NET_ADMIN but they are not allowed to
> auto-load 'netdev' modules.
>
> * Explicitly loading modules can be guarded by seccomp filters *per*
> app, so even if these apps have
> CAP_SYS_MODULE they won't be able to explicitly load modules, one
> has to remount some sysctl /proc/ entries read-only here and remove
> CAP_SYS_ADMIN for all apps anyway.
>
> This mainly serves the purpose of these systems that do not receive
> updates, if I don't want to expose those kernel interfaces what should
> I do ? then if I want to unload old versions and replace them with new
> ones what operation should be allowed ? and only real root of the
> system can do it. Hence, the "Once set, this value can not be changed"
> is more of a shortcut, also the idea was put in my mind based on how
> "modules_disabled" is disabled forever, and some other interfaces. I
> would say: it is easy to handle a transition from 1) "hey this system
> is still up to date, some features should be exposed" to 2) "this
> system is not up to date anymore, only root should expose some
> features..."
>
> Hmm, I am not sure if this answers your question ? :-)
This answers my question, but in a way that I summarize as "there's no
good reason to include this securelevel-like property".
> I definitively don't want to fall into "modules_disabled" trap where
> is it too strict! "Once set, this value can not be changed" means for
> some users do not set it otherwise the system is unusable...
>
> Maybe an extra "4" mode for that ? better get it right.
I think you should simply exclude this property from mode 2.
The module autoloading restrictions aren't meant to reduce root's
powers; they're only meant to protect processes from shooting themselves
and the system in the foot inadvertently (confused deputy).
modules_disabled may be different in that respect, although with the
rest of the kernel lacking securelevel-like support the point is moot.
We had working securelevel in 2.0.34 through 2.0.40 inclusive, but
we've lost it in 2.1+ with cap-bound apparently never becoming as
complete a replacement for it and having been lost/broken further in
2.6.25+. I regret this, but that's a different story. Like I say,
module autoloading doesn't even fit in with those restrictions - it's
about a totally different threat model.
Alexander
WARNING: multiple messages have this Message-ID (diff)
From: Solar Designer <solar-cxoSlKxDwOJWk0Htik3J/w@public.gmane.org>
To: Djalal Harouni <tixxdz-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Cc: linux-kernel
<linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
LSM List
<linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
kernel-hardening-ZwoEplunGu1jrUoiu81ncdBPR1lH4CV8@public.gmane.org,
Andy Lutomirski <luto-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
Kees Cook <keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org>,
Andrew Morton
<akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>,
Rusty Russell <rusty-8n+1lVoiYb80n/F98K4Iww@public.gmane.org>,
"Serge E. Hallyn" <serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org>,
Jessica Yu <jeyu-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
"David S. Miller" <davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org>,
James Morris
<james.l.morris-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>,
Paul Moore <paul-r2n+y4ga6xFZroRs9YW3xA@public.gmane.org>,
Stephen Smalley <sds-+05T5uksL2qpZYMLLGbcSA@public.gmane.org>,
Greg Kroah-Hartman
<gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org>,
Tetsuo Handa
<penguin-kernel-1yMVhJb1mP/7nzcFbJAaVXf5DAMn2ifp@public.gmane.org>,
Ingo Molnar <mingo-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
Linux API <linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Dongsu Park <dpark-VwIFZPTo/vqsTnJN9+BGXg@public.gmane.org>Casey
Schaufler <ca>
Subject: Re: [kernel-hardening] [PATCH v4 next 0/3] modules: automatic module loading restrictions
Date: Mon, 22 May 2017 18:43:23 +0200 [thread overview]
Message-ID: <20170522164323.GA2048@openwall.com> (raw)
In-Reply-To: <CAEiveUdqfMk4+vLg6TaEJNSGwoQHxYq0P4aqZoL4i9GgR3Vdtw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
On Mon, May 22, 2017 at 03:49:15PM +0200, Djalal Harouni wrote:
> On Mon, May 22, 2017 at 2:08 PM, Solar Designer <solar-cxoSlKxDwOJWk0Htik3J/w@public.gmane.org> wrote:
> > On Mon, May 22, 2017 at 01:57:03PM +0200, Djalal Harouni wrote:
> >> *) When modules_autoload_mode is set to (2), automatic module loading is
> >> disabled for all. Once set, this value can not be changed.
> >
> > What purpose does this securelevel-like property ("Once set, this value
> > can not be changed.") serve here? I think this mode 2 is needed, but
> > without this extra property, which is bypassable by e.g. explicitly
> > loaded kernel modules anyway (and that's OK).
>
> My reasoning about "Once set, this value can not be changed" is mainly for:
>
> If you have some systems where modules are not updated for any given
> reason, then the only one who will be able to load a module is an
> administrator, basically this is a shortcut for:
>
> * Apps/services can run with CAP_NET_ADMIN but they are not allowed to
> auto-load 'netdev' modules.
>
> * Explicitly loading modules can be guarded by seccomp filters *per*
> app, so even if these apps have
> CAP_SYS_MODULE they won't be able to explicitly load modules, one
> has to remount some sysctl /proc/ entries read-only here and remove
> CAP_SYS_ADMIN for all apps anyway.
>
> This mainly serves the purpose of these systems that do not receive
> updates, if I don't want to expose those kernel interfaces what should
> I do ? then if I want to unload old versions and replace them with new
> ones what operation should be allowed ? and only real root of the
> system can do it. Hence, the "Once set, this value can not be changed"
> is more of a shortcut, also the idea was put in my mind based on how
> "modules_disabled" is disabled forever, and some other interfaces. I
> would say: it is easy to handle a transition from 1) "hey this system
> is still up to date, some features should be exposed" to 2) "this
> system is not up to date anymore, only root should expose some
> features..."
>
> Hmm, I am not sure if this answers your question ? :-)
This answers my question, but in a way that I summarize as "there's no
good reason to include this securelevel-like property".
> I definitively don't want to fall into "modules_disabled" trap where
> is it too strict! "Once set, this value can not be changed" means for
> some users do not set it otherwise the system is unusable...
>
> Maybe an extra "4" mode for that ? better get it right.
I think you should simply exclude this property from mode 2.
The module autoloading restrictions aren't meant to reduce root's
powers; they're only meant to protect processes from shooting themselves
and the system in the foot inadvertently (confused deputy).
modules_disabled may be different in that respect, although with the
rest of the kernel lacking securelevel-like support the point is moot.
We had working securelevel in 2.0.34 through 2.0.40 inclusive, but
we've lost it in 2.1+ with cap-bound apparently never becoming as
complete a replacement for it and having been lost/broken further in
2.6.25+. I regret this, but that's a different story. Like I say,
module autoloading doesn't even fit in with those restrictions - it's
about a totally different threat model.
Alexander
WARNING: multiple messages have this Message-ID (diff)
From: solar@openwall.com (Solar Designer)
To: linux-security-module@vger.kernel.org
Subject: [kernel-hardening] [PATCH v4 next 0/3] modules: automatic module loading restrictions
Date: Mon, 22 May 2017 18:43:23 +0200 [thread overview]
Message-ID: <20170522164323.GA2048@openwall.com> (raw)
In-Reply-To: <CAEiveUdqfMk4+vLg6TaEJNSGwoQHxYq0P4aqZoL4i9GgR3Vdtw@mail.gmail.com>
On Mon, May 22, 2017 at 03:49:15PM +0200, Djalal Harouni wrote:
> On Mon, May 22, 2017 at 2:08 PM, Solar Designer <solar@openwall.com> wrote:
> > On Mon, May 22, 2017 at 01:57:03PM +0200, Djalal Harouni wrote:
> >> *) When modules_autoload_mode is set to (2), automatic module loading is
> >> disabled for all. Once set, this value can not be changed.
> >
> > What purpose does this securelevel-like property ("Once set, this value
> > can not be changed.") serve here? I think this mode 2 is needed, but
> > without this extra property, which is bypassable by e.g. explicitly
> > loaded kernel modules anyway (and that's OK).
>
> My reasoning about "Once set, this value can not be changed" is mainly for:
>
> If you have some systems where modules are not updated for any given
> reason, then the only one who will be able to load a module is an
> administrator, basically this is a shortcut for:
>
> * Apps/services can run with CAP_NET_ADMIN but they are not allowed to
> auto-load 'netdev' modules.
>
> * Explicitly loading modules can be guarded by seccomp filters *per*
> app, so even if these apps have
> CAP_SYS_MODULE they won't be able to explicitly load modules, one
> has to remount some sysctl /proc/ entries read-only here and remove
> CAP_SYS_ADMIN for all apps anyway.
>
> This mainly serves the purpose of these systems that do not receive
> updates, if I don't want to expose those kernel interfaces what should
> I do ? then if I want to unload old versions and replace them with new
> ones what operation should be allowed ? and only real root of the
> system can do it. Hence, the "Once set, this value can not be changed"
> is more of a shortcut, also the idea was put in my mind based on how
> "modules_disabled" is disabled forever, and some other interfaces. I
> would say: it is easy to handle a transition from 1) "hey this system
> is still up to date, some features should be exposed" to 2) "this
> system is not up to date anymore, only root should expose some
> features..."
>
> Hmm, I am not sure if this answers your question ? :-)
This answers my question, but in a way that I summarize as "there's no
good reason to include this securelevel-like property".
> I definitively don't want to fall into "modules_disabled" trap where
> is it too strict! "Once set, this value can not be changed" means for
> some users do not set it otherwise the system is unusable...
>
> Maybe an extra "4" mode for that ? better get it right.
I think you should simply exclude this property from mode 2.
The module autoloading restrictions aren't meant to reduce root's
powers; they're only meant to protect processes from shooting themselves
and the system in the foot inadvertently (confused deputy).
modules_disabled may be different in that respect, although with the
rest of the kernel lacking securelevel-like support the point is moot.
We had working securelevel in 2.0.34 through 2.0.40 inclusive, but
we've lost it in 2.1+ with cap-bound apparently never becoming as
complete a replacement for it and having been lost/broken further in
2.6.25+. I regret this, but that's a different story. Like I say,
module autoloading doesn't even fit in with those restrictions - it's
about a totally different threat model.
Alexander
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
WARNING: multiple messages have this Message-ID (diff)
From: Solar Designer <solar-cxoSlKxDwOJWk0Htik3J/w@public.gmane.org>
To: Djalal Harouni <tixxdz-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Cc: linux-kernel
<linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
LSM List
<linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
kernel-hardening-ZwoEplunGu1jrUoiu81ncdBPR1lH4CV8@public.gmane.org,
Andy Lutomirski <luto-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
Kees Cook <keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org>,
Andrew Morton
<akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>,
Rusty Russell <rusty-8n+1lVoiYb80n/F98K4Iww@public.gmane.org>,
"Serge E. Hallyn" <serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org>,
Jessica Yu <jeyu-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
"David S. Miller" <davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org>,
James Morris
<james.l.morris-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>,
Paul Moore <paul-r2n+y4ga6xFZroRs9YW3xA@public.gmane.org>,
Stephen Smalley <sds-+05T5uksL2qpZYMLLGbcSA@public.gmane.org>,
Greg Kroah-Hartman
<gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org>,
Tetsuo Handa
<penguin-kernel-1yMVhJb1mP/7nzcFbJAaVXf5DAMn2ifp@public.gmane.org>,
Ingo Molnar <mingo-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
Linux API <linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Dongsu Park <dpark-VwIFZPTo/vqsTnJN9+BGXg@public.gmane.org>,
Casey Schaufler <ca
Subject: Re: [kernel-hardening] [PATCH v4 next 0/3] modules: automatic module loading restrictions
Date: Mon, 22 May 2017 18:43:23 +0200 [thread overview]
Message-ID: <20170522164323.GA2048@openwall.com> (raw)
In-Reply-To: <CAEiveUdqfMk4+vLg6TaEJNSGwoQHxYq0P4aqZoL4i9GgR3Vdtw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
On Mon, May 22, 2017 at 03:49:15PM +0200, Djalal Harouni wrote:
> On Mon, May 22, 2017 at 2:08 PM, Solar Designer <solar-cxoSlKxDwOJWk0Htik3J/w@public.gmane.org> wrote:
> > On Mon, May 22, 2017 at 01:57:03PM +0200, Djalal Harouni wrote:
> >> *) When modules_autoload_mode is set to (2), automatic module loading is
> >> disabled for all. Once set, this value can not be changed.
> >
> > What purpose does this securelevel-like property ("Once set, this value
> > can not be changed.") serve here? I think this mode 2 is needed, but
> > without this extra property, which is bypassable by e.g. explicitly
> > loaded kernel modules anyway (and that's OK).
>
> My reasoning about "Once set, this value can not be changed" is mainly for:
>
> If you have some systems where modules are not updated for any given
> reason, then the only one who will be able to load a module is an
> administrator, basically this is a shortcut for:
>
> * Apps/services can run with CAP_NET_ADMIN but they are not allowed to
> auto-load 'netdev' modules.
>
> * Explicitly loading modules can be guarded by seccomp filters *per*
> app, so even if these apps have
> CAP_SYS_MODULE they won't be able to explicitly load modules, one
> has to remount some sysctl /proc/ entries read-only here and remove
> CAP_SYS_ADMIN for all apps anyway.
>
> This mainly serves the purpose of these systems that do not receive
> updates, if I don't want to expose those kernel interfaces what should
> I do ? then if I want to unload old versions and replace them with new
> ones what operation should be allowed ? and only real root of the
> system can do it. Hence, the "Once set, this value can not be changed"
> is more of a shortcut, also the idea was put in my mind based on how
> "modules_disabled" is disabled forever, and some other interfaces. I
> would say: it is easy to handle a transition from 1) "hey this system
> is still up to date, some features should be exposed" to 2) "this
> system is not up to date anymore, only root should expose some
> features..."
>
> Hmm, I am not sure if this answers your question ? :-)
This answers my question, but in a way that I summarize as "there's no
good reason to include this securelevel-like property".
> I definitively don't want to fall into "modules_disabled" trap where
> is it too strict! "Once set, this value can not be changed" means for
> some users do not set it otherwise the system is unusable...
>
> Maybe an extra "4" mode for that ? better get it right.
I think you should simply exclude this property from mode 2.
The module autoloading restrictions aren't meant to reduce root's
powers; they're only meant to protect processes from shooting themselves
and the system in the foot inadvertently (confused deputy).
modules_disabled may be different in that respect, although with the
rest of the kernel lacking securelevel-like support the point is moot.
We had working securelevel in 2.0.34 through 2.0.40 inclusive, but
we've lost it in 2.1+ with cap-bound apparently never becoming as
complete a replacement for it and having been lost/broken further in
2.6.25+. I regret this, but that's a different story. Like I say,
module autoloading doesn't even fit in with those restrictions - it's
about a totally different threat model.
Alexander
next prev parent reply other threads:[~2017-05-22 16:43 UTC|newest]
Thread overview: 106+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-22 11:57 [kernel-hardening] [PATCH v4 next 0/3] modules: automatic module loading restrictions Djalal Harouni
2017-05-22 11:57 ` Djalal Harouni
2017-05-22 11:57 ` Djalal Harouni
2017-05-22 11:57 ` Djalal Harouni
2017-05-22 11:57 ` [kernel-hardening] [PATCH v4 next 1/3] modules:capabilities: allow __request_module() to take a capability argument Djalal Harouni
2017-05-22 11:57 ` Djalal Harouni
2017-05-22 11:57 ` Djalal Harouni
2017-05-22 22:20 ` [kernel-hardening] " Kees Cook
2017-05-22 22:20 ` Kees Cook
2017-05-22 22:20 ` Kees Cook
2017-05-22 22:20 ` Kees Cook
2017-05-22 22:20 ` Kees Cook
2017-05-23 10:29 ` [kernel-hardening] " Djalal Harouni
2017-05-23 10:29 ` Djalal Harouni
2017-05-23 10:29 ` Djalal Harouni
2017-05-23 10:29 ` Djalal Harouni
2017-05-23 10:29 ` Djalal Harouni
2017-05-23 19:19 ` [kernel-hardening] " Kees Cook
2017-05-23 19:19 ` Kees Cook
2017-05-23 19:19 ` Kees Cook
2017-05-23 19:19 ` Kees Cook
2017-05-23 19:19 ` Kees Cook
2017-05-24 14:16 ` [kernel-hardening] " Djalal Harouni
2017-05-24 14:16 ` Djalal Harouni
2017-05-24 14:16 ` Djalal Harouni
2017-05-24 14:16 ` Djalal Harouni
2017-05-30 17:59 ` [kernel-hardening] " Kees Cook
2017-05-30 17:59 ` Kees Cook
2017-05-30 17:59 ` Kees Cook
2017-05-30 17:59 ` Kees Cook
2017-05-30 17:59 ` Kees Cook
2017-06-01 14:56 ` [kernel-hardening] " Djalal Harouni
2017-06-01 14:56 ` Djalal Harouni
2017-06-01 14:56 ` Djalal Harouni
2017-06-01 14:56 ` Djalal Harouni
2017-06-01 14:56 ` Djalal Harouni
2017-06-01 19:10 ` [kernel-hardening] " Kees Cook
2017-06-01 19:10 ` Kees Cook
2017-06-01 19:10 ` Kees Cook
2017-06-01 19:10 ` Kees Cook
2017-06-01 19:10 ` Kees Cook
2017-09-02 6:31 ` [kernel-hardening] " Djalal Harouni
2017-09-02 6:31 ` Djalal Harouni
2017-09-02 6:31 ` Djalal Harouni
2017-09-02 6:31 ` Djalal Harouni
2017-09-02 6:31 ` Djalal Harouni
2017-05-22 11:57 ` [kernel-hardening] [PATCH v4 next 2/3] modules:capabilities: automatic module loading restriction Djalal Harouni
2017-05-22 11:57 ` Djalal Harouni
2017-05-22 11:57 ` Djalal Harouni
2017-05-22 22:28 ` [kernel-hardening] " Kees Cook
2017-05-22 22:28 ` Kees Cook
2017-05-22 22:28 ` Kees Cook
2017-05-22 22:28 ` Kees Cook
2017-05-22 22:28 ` Kees Cook
2017-05-22 11:57 ` [kernel-hardening] [PATCH v4 next 3/3] modules:capabilities: add a per-task modules auto-load mode Djalal Harouni
2017-05-22 11:57 ` Djalal Harouni
2017-05-22 11:57 ` Djalal Harouni
2017-05-23 14:18 ` [kernel-hardening] " kbuild test robot
2017-05-23 14:18 ` kbuild test robot
2017-05-23 14:18 ` kbuild test robot
2017-05-23 14:18 ` kbuild test robot
2017-05-23 14:18 ` kbuild test robot
2017-05-22 12:08 ` [kernel-hardening] [PATCH v4 next 0/3] modules: automatic module loading restrictions Solar Designer
2017-05-22 12:08 ` Solar Designer
2017-05-22 12:08 ` Solar Designer
2017-05-22 13:49 ` [kernel-hardening] " Djalal Harouni
2017-05-22 13:49 ` Djalal Harouni
2017-05-22 13:49 ` Djalal Harouni
2017-05-22 13:49 ` Djalal Harouni
2017-05-22 16:43 ` Solar Designer [this message]
2017-05-22 16:43 ` Solar Designer
2017-05-22 16:43 ` Solar Designer
2017-05-22 16:43 ` Solar Designer
2017-05-22 19:55 ` Djalal Harouni
2017-05-22 19:55 ` Djalal Harouni
2017-05-22 19:55 ` Djalal Harouni
2017-05-22 19:55 ` Djalal Harouni
2017-05-22 23:07 ` Kees Cook
2017-05-22 23:07 ` Kees Cook
2017-05-22 23:07 ` Kees Cook
2017-05-22 23:07 ` Kees Cook
2017-05-22 23:38 ` Andy Lutomirski
2017-05-22 23:38 ` Andy Lutomirski
2017-05-22 23:38 ` Andy Lutomirski
2017-05-22 23:52 ` Kees Cook
2017-05-22 23:52 ` Kees Cook
2017-05-22 23:52 ` Kees Cook
2017-05-22 23:52 ` Kees Cook
2017-05-23 13:02 ` Djalal Harouni
2017-05-23 13:02 ` Djalal Harouni
2017-05-23 13:02 ` [kernel-hardening] " Djalal Harouni
2017-05-23 13:02 ` Djalal Harouni
2017-05-23 7:48 ` [kernel-hardening] " Solar Designer
2017-05-23 7:48 ` Solar Designer
2017-05-23 7:48 ` Solar Designer
2017-05-23 7:48 ` Solar Designer
2017-05-23 18:36 ` Kees Cook
2017-05-23 18:36 ` Kees Cook
2017-05-23 18:36 ` Kees Cook
2017-05-23 18:36 ` Kees Cook
2017-05-23 19:50 ` Andy Lutomirski
2017-05-23 19:50 ` Andy Lutomirski
2017-05-23 19:50 ` Andy Lutomirski
2017-05-24 18:06 ` Djalal Harouni
2017-05-24 18:06 ` Djalal Harouni
2017-05-24 18:06 ` Djalal Harouni
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170522164323.GA2048@openwall.com \
--to=solar@openwall.com \
--cc=acme@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=ben.hutchings@codethink.co.uk \
--cc=casey@schaufler-ca.com \
--cc=corbet@lwn.net \
--cc=davem@davemloft.net \
--cc=dpark@posteo.net \
--cc=gregkh@linuxfoundation.org \
--cc=james.l.morris@oracle.com \
--cc=jeyu@redhat.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mchehab@kernel.org \
--cc=mingo@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=peterz@infradead.org \
--cc=rusty@rustcorp.com.au \
--cc=sds@tycho.nsa.gov \
--cc=serge@hallyn.com \
--cc=tixxdz@gmail.com \
--cc=viro@zeniv.linux.org.uk \
--cc=zendyani@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.