The patch has been accepted upstream and is not in Linus's tree in
3.14-rc1:

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7984754b99b6c89054edc405e9d9d35810a91d36

Kernel 3.13 is planned for Trusty but I will see if we can bring this
patchset into Trusty.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1259570

Title:
  kexec should get a disabling sysctl

Status in “linux” package in Ubuntu:
  Confirmed
Status in “linux” source package in Precise:
  Confirmed
Status in “linux” source package in Quantal:
  New
Status in “linux” source package in Raring:
  New
Status in “linux” source package in Saucy:
  New
Status in “linux” source package in Trusty:
  Confirmed

Bug description:
  To enable kexec makes sense for a generic distro kernel. But if your
  users have root in their virtual machines, and you want to make it
  hard for them to run code in ring 0, you commonly disable further
  module loading and you also want to disable kexec[1]. Kees Cook wrote
  up a patch[2] that we'd like to see applied to the Ubuntu kernel to
  avoid recompilation of the distro kernel.

  I'm marking this as a security issue on the grounds that it's quite
  surprising that setting kernel.modules_disabled=1 as a hardening
  feature can be subverted by using kexec.

  [1] http://mjg59.dreamwidth.org/28746.html
  [2] https://lkml.org/lkml/2013/12/9/765

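The gap described in this bug, a host that sets kernel.modules_disabled=1 while kexec can still load a new kernel, can be checked for with a small audit function. This is an added example, not code from the bug report or the upstream patch; it assumes the sysctl introduced by the upstream commit is exposed as kernel.kexec_load_disabled, a name this page does not give, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: audit the two sysctls discussed in this bug.
# Assumption: the sysctl added by the upstream commit is exposed as
# kernel.kexec_load_disabled (the name is not given on this page).

# read_sysctl ROOT NAME -> prints the value, or "absent" if the file is missing
read_sysctl() {
    if [ -r "$1/kernel/$2" ]; then
        tr -d ' \t\n' < "$1/kernel/$2"
    else
        printf 'absent'
    fi
}

# audit_ring0_lockdown [ROOT]
# ROOT defaults to /proc/sys; a constructed directory can be passed instead.
# Returns: 0 module loading and kexec loading both disabled
#          1 modules disabled but kexec loading still allowed (the gap)
#          2 module loading not disabled
#          3 modules disabled, kexec state cannot be confirmed via sysctl
audit_ring0_lockdown() {
    root=${1:-/proc/sys}
    mods=$(read_sysctl "$root" modules_disabled)
    kexec=$(read_sysctl "$root" kexec_load_disabled)
    echo "kernel.modules_disabled=$mods kernel.kexec_load_disabled=$kexec"

    if [ "$mods" != "1" ]; then
        echo "module loading is not disabled"
        return 2
    fi
    case "$kexec" in
        1) echo "module loading and kexec loading are both disabled"
           return 0 ;;
        0) echo "GAP: modules_disabled=1 but kexec can still load a new kernel"
           return 1 ;;
        *) echo "kexec sysctl absent: kernel lacks the patch or kexec support"
           return 3 ;;
    esac
}
```

Source the file and run audit_ring0_lockdown with no argument to check the running kernel; a return code of 3 means the kexec state has to be confirmed another way, for example from the kernel version and build configuration.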