Re: RFC: Tainting the kernel on raw I/O access
From: One Thousand Gnomes
Date: Thu Sep 04 2014 - 12:02:42 EST
On Wed, 03 Sep 2014 15:25:32 -0700
"H. Peter Anvin" <h.peter.anvin@xxxxxxxxx> wrote:
> On 09/03/2014 03:20 PM, One Thousand Gnomes wrote:
> > If you just want some "detector bits" for bug report filtering them its
> > quite a different need to fixing "secure" boot mode. Even in the detector
> > bits case there should be an overall plan and some defined properties
> > that provide the security and which you can show should always be true.
> As far as I'm concerning this is just a set of "detector bits". My
> observation was simply that this is a *subset* of what "secure boot"
> will eventually need.
I think that observation is untrue. The only partially overap.
> (As far as I'm concerned, I'd be happy tainting the kernel for any
> operation that requires CAP_RAWIO, but maybe that is too extreme.)
You can't then for example format some types of disk in your data center.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/