Re: [PATCH 00/16] Kernel lockdown

From: One Thousand Gnomes
Date: Wed Nov 30 2016 - 09:28:03 EST

Next message: Eric Dumazet: "Re: [PATCH 4.4 00/21] 4.4.36-stable review"
Previous message: Joerg Roedel: "Re: [PATCH] iommu/vt-d: Flush old iotlb for kdump when the device gets context mapped"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> This applies equally to the kernel command line, and given that we
> cannot authenticate it, we should whitelist params that we know to be
> safe, and filter out all others. A similar concern exists for the
> device tree on ARM/arm64, and we already disable the DTB loader in the
> UEFI stub if secure boot is enabled.

Or you sign the boot command line.

> > Without that at least fixed I don't see the point in merging this. Either
> > we don't do it (which given the level of security the current Linux
> > kernel provides, and also all the golden key messups from elsewhere might
> > be the honest approach), or at least try and do the job right.
> >
> > Less security is better than fake security. If you've got less security
> > your take appropriate precautions. If you rely on fake security you don't.
> >
>
> In general, I think kernel hardening is an important topic

It is - so pushing something with known trivial holes isn't a useful way
to do this. The module parameter hole needs to be addressed before this
is fit for upstream.

Alan

Next message: Eric Dumazet: "Re: [PATCH 4.4 00/21] 4.4.36-stable review"
Previous message: Joerg Roedel: "Re: [PATCH] iommu/vt-d: Flush old iotlb for kdump when the device gets context mapped"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]