Re: [PATCH 2/2] x86: Allow disabling of sys_iopl, sys_ioperm

From: Mike Waychison
Date: Thu Jul 14 2011 - 19:21:31 EST


On Thu, Jul 14, 2011 at 4:00 PM, Alan Cox <alan@xxxxxxxxxxxxxxxxxxx> wrote:
>> > a) you can do this with a security module
>>
>> I can?   How?   The whole LSM approach seems intractable to me.
>
> It would certainly need some trivial tweaking (to be specific we'd need
> to move from capable(x) to capable_syscall(x, syscall_code) for those
> interfaces that mattered, but that would probably be a good thing anyway
> from the point of view of beating the capability model into something more
> flexible and would help stuff like SELinux as well I think.

The idea of building more obtuse logic on top of posix capabilities
made me puke in my mouth :(

>
> We have an underlying separation of security from the other details - we
> really should keep it clean that way.

An aspect oriented approach to security is probably fine for
environments where you want to allow somebody access to features.

In my case, I simply don't want these "features", which is why I took
the compile time approach to turning this stuff off. I realize that
these syscalls (and the /dev/port interface) are not comprehensive (I
didn't say they were either). I'm happy though to take suggestions
for stuff I probably should be disabling considering my goal of making
it difficult for root to compromise a system. And yes, modules are
disabled :)
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/