From: Pavel Machek <pavel@ucw.cz>
To: Dave Jones <davej@redhat.com>,
Alan Cox <alan@lxorguk.ukuu.org.uk>, Pavel Machek <pavel@ucw.cz>,
kernel list <linux-kernel@vger.kernel.org>,
"Rafael J. Wysocki" <rjw@sisk.pl>,
Linux-pm mailing list <linux-pm@lists.osdl.org>
Subject: Re: [linux-pm] [RFC] userland swsusp
Date: Sat, 19 Nov 2005 23:43:32 +0000
Message-ID: <20051119234331.GA1952@spitz.ucw.cz>
In-Reply-To: <20051118211847.GA3881@redhat.com>

Hi!

> > > Just for info: If this goes in, Red Hat/Fedora kernels will fork
> > > swsusp development, as this method just will not work there.
> > > (We have a restricted /dev/mem that prevents writes to arbitrary
> > > memory regions, as part of a patchset to prevent rootkits)
> >
> > Perhaps it is trying to tell you that you should be using SELinux rules
> > not kernel hacks for this purpose?
>
> I don't think selinux can give you the granularity to say
> "process can access this bit of the file only", at least not yet.
>
> Even if that was capable however, it still doesn't solve the problem.
> Pavel's implementation wants to write to arbitrary address spaces, which is
> what we're trying to prevent. The two are at odds with each other.

I do not think that's a security problem. By definition, suspending code
can change arbitrary things in memory -- it could just write an image with
the changes it desires, then resume from it. Whether this code is in kernel
or not, it has to be trusted.
--
64 bytes from 195.113.31.123: icmp_seq=28 ttl=51 time=448769.1 ms