Re: [PATCH 01/12] Add BSD-style securelevel support

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: "H. Peter Anvin" <hpa@zytor.com>
To: Matthew Garrett <matthew.garrett@nebula.com>
Cc: linux-kernel@vger.kernel.org, keescook@chromium.org,
	gregkh@linuxfoundation.org, linux-efi@vger.kernel.org,
	jmorris@namei.org, linux-security-module@vger.kernel.org
Subject: Re: [PATCH 01/12] Add BSD-style securelevel support
Date: Mon, 09 Sep 2013 09:27:08 -0700	[thread overview]
Message-ID: <522DF6DC.1050303@zytor.com> (raw)
In-Reply-To: <1378741786-18430-2-git-send-email-matthew.garrett@nebula.com>

On 09/09/2013 08:49 AM, Matthew Garrett wrote:
> Provide a coarse-grained runtime configuration option for restricting
> userspace's ability to modify the running kernel.
> 
> Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
> ---
>  Documentation/security/securelevel.txt |  23 +++++++
>  include/linux/security.h               |   8 +++
>  security/Kconfig                       |   8 +++
>  security/Makefile                      |   1 +
>  security/securelevel.c                 | 116 +++++++++++++++++++++++++++++++++
>  5 files changed, 156 insertions(+)
>  create mode 100644 Documentation/security/securelevel.txt
>  create mode 100644 security/securelevel.c
> 
> diff --git a/Documentation/security/securelevel.txt b/Documentation/security/securelevel.txt
> new file mode 100644
> index 0000000..a1355a0
> --- /dev/null
> +++ b/Documentation/security/securelevel.txt
> @@ -0,0 +1,23 @@
> +Linux securelevel interface
> +---------------------------
> +
> +The Linux securelevel interface (inspired by the BSD securelevel interface)
> +is a runtime mechanism for configuring coarse-grained kernel-level security
> +restrictions. It provides a runtime configuration variable at
> +/sys/kernel/security/securelevel which can be written to by root. The
> +following values are supported:
> +
> +-1: Permanently insecure mode. This level is equivalent to level 0, but once
> +    set cannot be changed.
> +
> +0:  Insecure mode (default). This level imposes no additional kernel
> +    restrictions.
> +
> +1:  Secure mode. If set, userspace will be unable to perform direct access
> +    to PCI devices, port IO access, access system memory directly via
> +    /dev/mem and /dev/kmem, perform kexec_load(), use the userspace
> +    software suspend mechanism, insert new ACPI code at runtime via the
> +    custom_method interface or modify CPU MSRs (on x86). Certain drivers
> +    may also limit additional interfaces.
> +

This will break or have to be redefined once you have signed kexec.

	-hpa

next prev parent reply	other threads:[~2013-09-09 16:27 UTC|newest]

Thread overview: 66+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-09-09 15:49 [PATCH 00/12] One more attempt at useful kernel lockdown Matthew Garrett
2013-09-09 15:49 ` [PATCH 01/12] Add BSD-style securelevel support Matthew Garrett
2013-09-09 16:27   ` H. Peter Anvin [this message]
2013-09-09 16:30     ` Matthew Garrett
2013-09-09 16:42       ` H. Peter Anvin
2013-09-09 16:44         ` Matthew Garrett
2013-09-09 16:51           ` H. Peter Anvin
2013-09-09 16:55             ` Matthew Garrett
2013-09-09 18:31     ` Matthew Garrett
2013-09-09 15:49 ` [PATCH 02/12] Enforce module signatures when securelevel is greater than 0 Matthew Garrett
2013-09-09 15:49 ` [PATCH 03/12] PCI: Lock down BAR access when securelevel is enabled Matthew Garrett
2013-09-09 15:49 ` [PATCH 04/12] x86: Lock down IO port " Matthew Garrett
2013-09-09 15:49 ` [PATCH 05/12] Restrict /dev/mem and /dev/kmem when securelevel is set Matthew Garrett
2013-09-09 15:49 ` [PATCH 06/12] acpi: Limit access to custom_method if " Matthew Garrett
2013-09-09 15:49 ` [PATCH 07/12] acpi: Ignore acpi_rsdp kernel parameter when " Matthew Garrett
2013-11-26 12:54   ` Josh Boyer
2013-09-09 15:49 ` [PATCH 08/12] kexec: Disable at runtime if securelevel has been set Matthew Garrett
2013-09-09 15:49 ` [PATCH 09/12] uswsusp: Disable when securelevel is set Matthew Garrett
2013-09-09 15:49 ` [PATCH 10/12] x86: Restrict MSR access " Matthew Garrett
2013-09-09 15:49 ` [PATCH 11/12] asus-wmi: Restrict debugfs interface " Matthew Garrett
2013-09-09 15:49 ` [PATCH 12/12] Add option to automatically set securelevel when in Secure Boot mode Matthew Garrett
2013-09-09 17:18 ` [PATCH 00/12] One more attempt at useful kernel lockdown Valdis.Kletnieks
2013-09-09 17:24   ` Matthew Garrett
2013-09-09 18:25   ` David Lang
2013-09-09 18:28     ` Matthew Garrett
2013-09-09 18:40       ` David Lang
2013-09-09 18:42         ` Matthew Garrett
2013-09-09 18:53           ` David Lang
2013-09-09 19:06             ` Matthew Garrett
2013-09-09 19:59               ` David Lang
2013-09-09 20:06                 ` Matthew Garrett
2013-09-09 20:15                   ` David Lang
2013-09-09 20:17                     ` Matthew Garrett
2013-09-09 19:01     ` Valdis.Kletnieks
2013-09-09 19:08       ` Matthew Garrett
2013-09-09 19:41       ` H. Peter Anvin
2013-09-09 19:52         ` Josh Boyer
2013-09-09 19:56           ` H. Peter Anvin
2013-09-09 19:58             ` Josh Boyer
2013-09-09 20:02               ` H. Peter Anvin
2013-09-09 20:10           ` David Lang
2013-09-09 20:13             ` Josh Boyer
2013-09-09 23:02     ` Matthew Garrett
2013-09-09 23:19       ` David Lang
2013-09-09 23:20         ` Kees Cook
2013-09-09 23:30           ` James Bottomley
2013-09-09 23:34             ` Kees Cook
2013-09-10  0:53         ` Matthew Garrett
2013-09-10  2:44           ` David Lang
2013-09-10  2:55             ` Matthew Garrett
2013-09-10  3:09               ` David Lang
2013-09-10  3:53                 ` Matthew Garrett
2013-09-10 17:23                   ` Henrique de Moraes Holschuh
2013-09-10 18:26                     ` Matthew Garrett
2013-09-10 18:29                       ` H. Peter Anvin
2013-09-10 18:51                         ` gregkh
2013-09-10 18:55                           ` Kees Cook
2013-09-10 19:17                             ` David Lang
2013-09-10 19:44                               ` H. Peter Anvin
2013-09-10 23:43                                 ` Mimi Zohar
2013-09-10 23:48                                   ` H. Peter Anvin
2013-09-10 23:55                                     ` Mimi Zohar
2013-09-10 23:58                                       ` H. Peter Anvin
2013-09-10 18:48                       ` Kees Cook
2013-09-11  9:32                       ` joeyli
2013-09-09 20:30 ` Mimi Zohar

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=522DF6DC.1050303@zytor.com \
    --to=hpa@zytor.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=jmorris@namei.org \
    --cc=keescook@chromium.org \
    --cc=linux-efi@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=matthew.garrett@nebula.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox