Re: RFC: Tainting the kernel on raw I/O access

From: H. Peter Anvin
Date: Wed Sep 03 2014 - 18:25:41 EST

Next message: Greg Kroah-Hartman: "[PATCH 3.16 094/125] ext4: propagate errors up to ext4_find_entry()s callers"
Previous message: Greg Kroah-Hartman: "[PATCH 3.16 046/125] hwmon: (dme1737) Prevent overflow problem when writing large limits"
In reply to: One Thousand Gnomes: "Re: RFC: Tainting the kernel on raw I/O access"
Next in thread: One Thousand Gnomes: "Re: RFC: Tainting the kernel on raw I/O access"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 09/03/2014 03:20 PM, One Thousand Gnomes wrote:
>
> If you just want some "detector bits" for bug report filtering them its
> quite a different need to fixing "secure" boot mode. Even in the detector
> bits case there should be an overall plan and some defined properties
> that provide the security and which you can show should always be true.
>

As far as I'm concerning this is just a set of "detector bits". My
observation was simply that this is a *subset* of what "secure boot"
will eventually need.

Secure boot will need the error path no matter what... tainting
obviously doesn't.

(As far as I'm concerned, I'd be happy tainting the kernel for any
operation that requires CAP_RAWIO, but maybe that is too extreme.)

-hpa

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Greg Kroah-Hartman: "[PATCH 3.16 094/125] ext4: propagate errors up to ext4_find_entry()s callers"
Previous message: Greg Kroah-Hartman: "[PATCH 3.16 046/125] hwmon: (dme1737) Prevent overflow problem when writing large limits"
In reply to: One Thousand Gnomes: "Re: RFC: Tainting the kernel on raw I/O access"
Next in thread: One Thousand Gnomes: "Re: RFC: Tainting the kernel on raw I/O access"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]