Re: An actual suggestion (Re: [GIT PULL] Kernel lockdown for secure boot)

From: Jann Horn
Date: Wed Apr 04 2018 - 12:23:56 EST

Next message: Matthew Wilcox: "Re: Signal handling in a page fault handler"
Previous message: Peter Zijlstra: "Re: [PATCH] lockdep: Do not record irq state in debug_check_no_locks_freed()"
In reply to: David Howells: "Re: An actual suggestion (Re: [GIT PULL] Kernel lockdown for secure boot)"
Next in thread: Andy Lutomirski: "Re: An actual suggestion (Re: [GIT PULL] Kernel lockdown for secure boot)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

+ast@xxxxxxxxxx

On Wed, Apr 4, 2018 at 6:17 PM, David Howells <dhowells@xxxxxxxxxx> wrote:
> Andy Lutomirski <luto@xxxxxxxxxx> wrote:
[...]
>> 3. All the bpf and tracing stuf, etc, gets changed so it only takes
>> effect when LOCKDOWN_PROTECT_INTEGRITY_AND_SECRECY is set.
>
> Uh, no. bpf, for example, can be used to modify kernel memory.

I'm pretty sure bpf isn't supposed to be able to modify arbitrary
kernel memory. AFAIU if you can use BPF to write to arbitrary kernel
memory, that's a bug; with CAP_SYS_ADMIN, you can read from userspace,
write to userspace, and read from kernelspace, but you shouldn't be
able to write to kernelspace.

Next message: Matthew Wilcox: "Re: Signal handling in a page fault handler"
Previous message: Peter Zijlstra: "Re: [PATCH] lockdep: Do not record irq state in debug_check_no_locks_freed()"
In reply to: David Howells: "Re: An actual suggestion (Re: [GIT PULL] Kernel lockdown for secure boot)"
Next in thread: Andy Lutomirski: "Re: An actual suggestion (Re: [GIT PULL] Kernel lockdown for secure boot)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]