Re: [kernel-hardening] Re: [PATCH v3 3/3] SROP mitigation: Add sysctl to disable SROP protection.

From: Kees Cook
Date: Thu Mar 10 2016 - 01:36:33 EST

Next message: Andy Lutomirski: "Re: [PATCH 03/11] x86/mm/hotplug: Don't remove PGD entries in remove_pagetable()"
Previous message: Stephen Rothwell: "linux-next: Tree for Mar 10"
In reply to: One Thousand Gnomes: "Re: [PATCH v3 3/3] SROP mitigation: Add sysctl to disable SROP protection."
Next in thread: Andy Lutomirski: "Re: [kernel-hardening] Re: [PATCH v3 3/3] SROP mitigation: Add sysctl to disable SROP protection."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Mar 8, 2016 at 1:00 PM, One Thousand Gnomes
<gnomes@xxxxxxxxxxxxxxxxxxx> wrote:
> On Tue, 8 Mar 2016 13:47:55 -0700
> Scott Bauer <sbauer@xxxxxxxxxxxx> wrote:
>
>> This patch adds a sysctl argument to disable SROP protection.
>
> Shouldn't it be a sysctl to enable it irrevocably, otherwise if I have DAC
> capability I can turn off SROP and attack something to get to higher
> capability levels ?
>
> (The way almost all distros are set up its kind of academic but for a
> properly secured system it might matter).

Perhaps use proc_dointvec_minmax_sysadmin instead to tie changes
strictly to CAP_SYS_ADMIN?

-Kees

>
> Alan

--
Kees Cook
Chrome OS & Brillo Security

Next message: Andy Lutomirski: "Re: [PATCH 03/11] x86/mm/hotplug: Don't remove PGD entries in remove_pagetable()"
Previous message: Stephen Rothwell: "linux-next: Tree for Mar 10"
In reply to: One Thousand Gnomes: "Re: [PATCH v3 3/3] SROP mitigation: Add sysctl to disable SROP protection."
Next in thread: Andy Lutomirski: "Re: [kernel-hardening] Re: [PATCH v3 3/3] SROP mitigation: Add sysctl to disable SROP protection."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]