From: "H. Peter Anvin" <hpa@zytor.com>
To: Matthew Garrett <matthew.garrett@nebula.com>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"keescook@chromium.org" <keescook@chromium.org>,
"gregkh@linuxfoundation.org" <gregkh@linuxfoundation.org>,
"linux-efi@vger.kernel.org" <linux-efi@vger.kernel.org>,
"jmorris@namei.org" <jmorris@namei.org>,
"linux-security-module@vger.kernel.org"
<linux-security-module@vger.kernel.org>
Subject: Re: [PATCH 01/12] Add BSD-style securelevel support
Date: Mon, 09 Sep 2013 09:42:59 -0700 [thread overview]
Message-ID: <522DFA93.50308@zytor.com> (raw)
In-Reply-To: <1378744207.17982.3.camel@x230.lan>
On 09/09/2013 09:30 AM, Matthew Garrett wrote:
> On Mon, 2013-09-09 at 09:27 -0700, H. Peter Anvin wrote:
>
>> This will break or have to be redefined once you have signed kexec.
>
> Yeah. I wasn't really sure how to define it based on an implementation
> that isn't there yet - saying "kexec_load() of untrusted binaries"
> implies that there's some way to do it for trusted binaries.
>
However, this is the fundamental problem with securelevel: it assumes
there is not only a strict ordering between things to be secured, but
also that specific rings will remain the meaningful levels forever.
Neither of this tend to be true long time... which leads one back to
capabilities.
-hpa
next prev parent reply other threads:[~2013-09-09 16:43 UTC|newest]
Thread overview: 66+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-09-09 15:49 [PATCH 00/12] One more attempt at useful kernel lockdown Matthew Garrett
2013-09-09 15:49 ` [PATCH 01/12] Add BSD-style securelevel support Matthew Garrett
2013-09-09 16:27 ` H. Peter Anvin
2013-09-09 16:30 ` Matthew Garrett
2013-09-09 16:42 ` H. Peter Anvin [this message]
2013-09-09 16:44 ` Matthew Garrett
2013-09-09 16:51 ` H. Peter Anvin
2013-09-09 16:55 ` Matthew Garrett
2013-09-09 18:31 ` Matthew Garrett
2013-09-09 15:49 ` [PATCH 02/12] Enforce module signatures when securelevel is greater than 0 Matthew Garrett
2013-09-09 15:49 ` [PATCH 03/12] PCI: Lock down BAR access when securelevel is enabled Matthew Garrett
2013-09-09 15:49 ` [PATCH 04/12] x86: Lock down IO port " Matthew Garrett
2013-09-09 15:49 ` [PATCH 05/12] Restrict /dev/mem and /dev/kmem when securelevel is set Matthew Garrett
2013-09-09 15:49 ` [PATCH 06/12] acpi: Limit access to custom_method if " Matthew Garrett
2013-09-09 15:49 ` [PATCH 07/12] acpi: Ignore acpi_rsdp kernel parameter when " Matthew Garrett
2013-11-26 12:54 ` Josh Boyer
2013-09-09 15:49 ` [PATCH 08/12] kexec: Disable at runtime if securelevel has been set Matthew Garrett
2013-09-09 15:49 ` [PATCH 09/12] uswsusp: Disable when securelevel is set Matthew Garrett
2013-09-09 15:49 ` [PATCH 10/12] x86: Restrict MSR access " Matthew Garrett
2013-09-09 15:49 ` [PATCH 11/12] asus-wmi: Restrict debugfs interface " Matthew Garrett
2013-09-09 15:49 ` [PATCH 12/12] Add option to automatically set securelevel when in Secure Boot mode Matthew Garrett
2013-09-09 17:18 ` [PATCH 00/12] One more attempt at useful kernel lockdown Valdis.Kletnieks
2013-09-09 17:24 ` Matthew Garrett
2013-09-09 18:25 ` David Lang
2013-09-09 18:28 ` Matthew Garrett
2013-09-09 18:40 ` David Lang
2013-09-09 18:42 ` Matthew Garrett
2013-09-09 18:53 ` David Lang
2013-09-09 19:06 ` Matthew Garrett
2013-09-09 19:59 ` David Lang
2013-09-09 20:06 ` Matthew Garrett
2013-09-09 20:15 ` David Lang
2013-09-09 20:17 ` Matthew Garrett
2013-09-09 19:01 ` Valdis.Kletnieks
2013-09-09 19:08 ` Matthew Garrett
2013-09-09 19:41 ` H. Peter Anvin
2013-09-09 19:52 ` Josh Boyer
2013-09-09 19:56 ` H. Peter Anvin
2013-09-09 19:58 ` Josh Boyer
2013-09-09 20:02 ` H. Peter Anvin
2013-09-09 20:10 ` David Lang
2013-09-09 20:13 ` Josh Boyer
2013-09-09 23:02 ` Matthew Garrett
2013-09-09 23:19 ` David Lang
2013-09-09 23:20 ` Kees Cook
2013-09-09 23:30 ` James Bottomley
2013-09-09 23:34 ` Kees Cook
2013-09-10 0:53 ` Matthew Garrett
2013-09-10 2:44 ` David Lang
2013-09-10 2:55 ` Matthew Garrett
2013-09-10 3:09 ` David Lang
2013-09-10 3:53 ` Matthew Garrett
2013-09-10 17:23 ` Henrique de Moraes Holschuh
2013-09-10 18:26 ` Matthew Garrett
2013-09-10 18:29 ` H. Peter Anvin
2013-09-10 18:51 ` gregkh
2013-09-10 18:55 ` Kees Cook
2013-09-10 19:17 ` David Lang
2013-09-10 19:44 ` H. Peter Anvin
2013-09-10 23:43 ` Mimi Zohar
2013-09-10 23:48 ` H. Peter Anvin
2013-09-10 23:55 ` Mimi Zohar
2013-09-10 23:58 ` H. Peter Anvin
2013-09-10 18:48 ` Kees Cook
2013-09-11 9:32 ` joeyli
2013-09-09 20:30 ` Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=522DFA93.50308@zytor.com \
--to=hpa@zytor.com \
--cc=gregkh@linuxfoundation.org \
--cc=jmorris@namei.org \
--cc=keescook@chromium.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=matthew.garrett@nebula.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox