Re: [PATCH v3 3/3] SROP mitigation: Add sysctl to disable SROP protection.

From: One Thousand Gnomes
Date: Tue Mar 08 2016 - 16:01:29 EST


On Tue, 8 Mar 2016 13:47:55 -0700
Scott Bauer <sbauer@xxxxxxxxxxxx> wrote:

> This patch adds a sysctl argument to disable SROP protection.

Shouldn't it be a sysctl to enable it irrevocably, otherwise if I have DAC
capability I can turn off SROP and attack something to get to higher
capability levels?

(The way almost all distros are set up it's kind of academic but for a
properly secured system it might matter).

Alan