On May 24, 2020 2:19:45 PM PDT, Sasha Levin <[email protected]> wrote: >On Sun, May 24, 2020 at 12:45:18PM -0700, [email protected] wrote: >>There are legitimate reasons to write a root-hole module, the main one >being able to test security features like SMAP. I have requested before >a TAINT flag specifically for this purpose, because TAINT_CRAP is >nowhere near explicit enough, and is also used for staging drivers. >Call it TAINT_TOXIC or TAINT_ROOTHOLE; it should always be accompanied >with a CRIT level alert. > >What I don't like about our current system of TAINT_* flags is that >while we can improve it as much as we want, no one outside of the >kernel >tree seems to be using it. While Thomas may have been commenting on >Graphene's behaviour, look at any other code that did the same thing: > >- Graphene: >https://github.com/oscarlab/graphene-sgx-driver/blob/master/gsgx.c >- Occlum: >https://github.com/occlum/enable_rdfsbase/blob/master/enable_rdfsbase.c >- SGX-LKL: >https://github.com/lsds/sgx-lkl/blob/master/tools/kmod-set-fsgsbase/mod_set_cr4_fsgsbase.c > >None of which set even the CRAP flag.
That's a separate problem, but I would personally want to have it for my own test modules in case one ever escapes. -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
