Re: BTI interaction between seccomp filters in systemd and glibc mprotect calls, causing service failures

2020-10-25 Thread Jordan Glover
On Saturday, October 24, 2020 2:12 PM, Salvatore Mesoraca wrote: > On Sat, 24 Oct 2020 at 12:34, Topi Miettinen toiwo...@gmail.com wrote: > > > On 23.10.2020 20.52, Salvatore Mesoraca wrote: > > > > > Hi, > > > On Thu, 22 Oct 2020 at 23:24, Topi Miettinen toiwo...@gmail.com wrote: > > > > > > >

Re: [PATCH v5 00/12] S.A.R.A. a new stacked LSM

2019-07-06 Thread Jordan Glover
On Saturday, July 6, 2019 10:54 AM, Salvatore Mesoraca wrote: > S.A.R.A. is meant to be stacked but it needs cred blobs and the procattr > interface, so I temporarily implemented those parts in a way that won't > be acceptable for upstream, but it works for now. I know that there > is some

Re: [RFC PATCH v1 0/5] Add support for O_MAYEXEC

2018-12-12 Thread Jordan Glover
On Wednesday, December 12, 2018 9:17 AM, Mickaël Salaün wrote: > Hi, > > The goal of this patch series is to control script interpretation. A > new O_MAYEXEC flag used by sys_open() is added to enable userland script > interpreter to delegate to the kernel (and thus the system security >

Re: [PATCH v1 2/2]: Documentation/admin-guide: introduce perf-security.rst file

2018-11-19 Thread Jordan Glover
On Monday, November 19, 2018 11:46 AM, Peter Zijlstra wrote: > On Mon, Nov 19, 2018 at 10:35:59AM +0000, Jordan Glover wrote: > > > On Monday, November 19, 2018 6:42 AM, Alexey Budankov > > alexey.budan...@linux.intel.com wrote: > > > > > +>=3: > >

Re: [PATCH v1 2/2]: Documentation/admin-guide: introduce perf-security.rst file

2018-11-19 Thread Jordan Glover
On Monday, November 19, 2018 6:42 AM, Alexey Budankov wrote: > Implement initial version of perf-security.rst documentation file > initially covering security concerns related to PCL/Perf performance > monitoring in multiuser environments. > > Suggested-by: Thomas Gleixner t...@linutronix.de >

Re: [patch V3 05/11] x86/mm/cpa: Add debug mechanism

2018-11-10 Thread Jordan Glover
Hello, The patch "x86/mm/cpa: Add debug mechanism" (https://lore.kernel.org/lkml/20180917143546.078998...@linutronix.de/) caused thousands of messages during boot on my machine. They look like below: kernel: CPA protectText RO: 0x8affc000 - 0x8affcfff PFN 12cffc req

Re: [PATCH security-next v4 23/32] selinux: Remove boot parameter

2018-10-04 Thread Jordan Glover
On Thursday, October 4, 2018 6:18 PM, Kees Cook wrote: > > I don't want to overload "security=", but we can if we want. It would > be as above, but a trailing comma would be needed to trigger the > "ordering" behavior. e.g.

Re: [PATCH] tracing: do not leak kernel addresses

2018-07-27 Thread Jordan Glover
On July 27, 2018 12:15 AM, Steven Rostedt wrote: > On Thu, 26 Jul 2018 09:52:11 -0700 > Nick Desaulniers ndesaulni...@google.com wrote: > > > See the section "Kernel addresses" in > > Documentation/security/self-protection. IIRC, the issue is that a > > process may have CAP_SYSLOG but not

Re: [PATCH v13 0/6] Introduce the STACKLEAK feature and a test for it

2018-06-24 Thread Jordan Glover
On June 24, 2018 9:18 AM, Ingo Molnar wrote: > - Alexander Popov alex.po...@linux.com wrote: > > > On 22.06.2018 06:16, Ingo Molnar wrote: > > > > > - Kees Cook keesc...@chromium.org wrote: > > > > > > > On Thu, Jun 21, 2018 at 7:07 PM, Kees Cook keesc...@chromium.org wrote: > > > > > >

Re: [PATCH 01/24] Add the ability to lock down access to the running kernel image

2018-04-11 Thread Jordan Glover
On April 11, 2018 8:09 PM, Linus Torvalds wrote: > On Wed, Apr 11, 2018 at 9:24 AM, David Howells dhowe...@redhat.com wrote: > > > Provide a single call to allow kernel code to determine whether the system > > > > should be locked down, thereby disallowing