On Thu, 2013-08-29 at 11:22 -0700, H. Peter Anvin wrote:
On 08/19/2013 09:10 AM, Matthew Garrett wrote:
+ if (!capable(CAP_COMPROMISE_KERNEL))
+ return -EPERM;
+
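Review bot: the added check in this hunk gates on capable(CAP_COMPROMISE_KERNEL), while later messages on this page refer to chunks that "weren't changed to the secure_modules() API" and to a patch that "mixed and matched"; if secure_modules() is the interface the series settled on, this check should be converted as well so that the two mechanisms do not coexist in one patch. A one-line comment above the check stating why the operation is refused would also help, since a bare -EPERM does not tell the reader which restriction is being enforced.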
Stale bits?
Yeah. Did I manage to send out the old copy of that again? I'm sorry,
spending a few months
On 08/29/2013 11:35 AM, Matthew Garrett wrote:
On Thu, 2013-08-29 at 11:22 -0700, H. Peter Anvin wrote:
On 08/19/2013 09:10 AM, Matthew Garrett wrote:
+ if (!capable(CAP_COMPROMISE_KERNEL))
+ return -EPERM;
+
Stale bits?
Yeah. Did I manage to send out the old copy of that
On Thu, 2013-08-29 at 11:46 -0700, H. Peter Anvin wrote:
On 08/29/2013 11:35 AM, Matthew Garrett wrote:
On Thu, 2013-08-29 at 11:22 -0700, H. Peter Anvin wrote:
On 08/19/2013 09:10 AM, Matthew Garrett wrote:
+ if (!capable(CAP_COMPROMISE_KERNEL))
+ return -EPERM;
+
Stale
On 08/29/2013 11:49 AM, Matthew Garrett wrote:
No, you mixed and matched in a single patch...
Right, but I'd fixed that in V2 (which I see I *did* send correctly, and
you're just replying to the old one :))
Well, I'm responding to the one that was sent 31 minutes ago.
-hpa
--
On Thu, 2013-08-29 at 12:05 -0700, H. Peter Anvin wrote:
On 08/29/2013 11:49 AM, Matthew Garrett wrote:
No, you mixed and matched in a single patch...
Right, but I'd fixed that in V2 (which I see I *did* send correctly, and
you're just replying to the old one :))
Well, I'm
On Thu, Aug 29, 2013 at 12:05:47PM -0700, H. Peter Anvin wrote:
On 08/29/2013 11:49 AM, Matthew Garrett wrote:
No, you mixed and matched in a single patch...
Right, but I'd fixed that in V2 (which I see I *did* send correctly, and
you're just replying to the old one :))
Well, I'm
We have no way of validating what all of the Asus WMI methods do on a
given machine, and there's a risk that some will allow hardware state to
be manipulated in such a way that arbitrary code can be executed in the
kernel, circumventing module loading restrictions. Prevent that if any of
these
On Mon, Aug 19, 2013 at 9:10 AM, Matthew Garrett
matthew.garr...@nebula.com wrote:
We have no way of validating what all of the Asus WMI methods do on a
given machine, and there's a risk that some will allow hardware state to
be manipulated in such a way that arbitrary code can be executed in
On Mon, 2013-08-19 at 09:20 -0700, Kees Cook wrote:
Looks like this and the next chunk weren't changed to the
secure_modules() API...
Bother. Yeah, looks like my test config had this left out.
--
Matthew Garrett matthew.garr...@nebula.com