On Wed, Mar 27, 2019 at 10:39:53AM -0700, Andy Lutomirski wrote:
> On Tue, Mar 26, 2019 at 10:33 PM Greg KH wrote:
> >
> > On Tue, Mar 26, 2019 at 10:29:41PM -0700, Andy Lutomirski wrote:
> > >
> > >
> > > > On Mar 26, 2019, at 10:06 PM, Greg KH
> > > > wrote:
> > > >
> > > >> On Tue, Mar 26,
On Wed, Mar 27, 2019 at 10:42:18AM -0700, Matthew Garrett wrote:
> On Wed, Mar 27, 2019 at 10:40 AM Andy Lutomirski wrote:
> > As far as I'm concerned, preventing root from crashing the system
> > should not be a design goal of lockdown at all. And I think that the
> > "integrity" mode should be
On Wed, Mar 27, 2019 at 10:40 AM Andy Lutomirski wrote:
> As far as I'm concerned, preventing root from crashing the system
> should not be a design goal of lockdown at all. And I think that the
> "integrity" mode should be as non-annoying as possible, so I think we
> should allow reading from
On Tue, Mar 26, 2019 at 10:33 PM Greg KH wrote:
>
> On Tue, Mar 26, 2019 at 10:29:41PM -0700, Andy Lutomirski wrote:
> >
> >
> > > On Mar 26, 2019, at 10:06 PM, Greg KH wrote:
> > >
> > >> On Tue, Mar 26, 2019 at 09:29:14PM -0700, Andy Lutomirski wrote:
> > >>> On Tue, Mar 26, 2019 at 5:31 PM
On Wed, 27 Mar 2019, Greg KH wrote:
> Personally, I think these are all just "confidentiality" type things,
> but who really knows given the wild-west nature of debugfs (which is as
> designed). And given that I think this patch series is just crazy anyway,
> I really don't care :)
Why do you
On Tue, Mar 26, 2019 at 10:29:41PM -0700, Andy Lutomirski wrote:
>
>
> > On Mar 26, 2019, at 10:06 PM, Greg KH wrote:
> >
> >> On Tue, Mar 26, 2019 at 09:29:14PM -0700, Andy Lutomirski wrote:
> >>> On Tue, Mar 26, 2019 at 5:31 PM Greg KH
> >>> wrote:
> >>>
> On Tue, Mar 26, 2019 at
> On Mar 26, 2019, at 10:06 PM, Greg KH wrote:
>
>> On Tue, Mar 26, 2019 at 09:29:14PM -0700, Andy Lutomirski wrote:
>>> On Tue, Mar 26, 2019 at 5:31 PM Greg KH wrote:
>>>
On Tue, Mar 26, 2019 at 12:20:24PM -0700, Andy Lutomirski wrote:
On Tue, Mar 26, 2019 at 11:28 AM Matthew
On Tue, Mar 26, 2019 at 09:29:14PM -0700, Andy Lutomirski wrote:
> On Tue, Mar 26, 2019 at 5:31 PM Greg KH wrote:
> >
> > On Tue, Mar 26, 2019 at 12:20:24PM -0700, Andy Lutomirski wrote:
> > > On Tue, Mar 26, 2019 at 11:28 AM Matthew Garrett
> > > wrote:
> > > >
> > > > From: Matthew Garrett
>
On Tue, Mar 26, 2019 at 5:31 PM Greg KH wrote:
>
> On Tue, Mar 26, 2019 at 12:20:24PM -0700, Andy Lutomirski wrote:
> > On Tue, Mar 26, 2019 at 11:28 AM Matthew Garrett
> > wrote:
> > >
> > > From: Matthew Garrett
> > >
> > > debugfs has not been meaningfully audited in terms of ensuring that
>
On Tue, Mar 26, 2019 at 07:06:36PM -0700, Matthew Garrett wrote:
> On Tue, Mar 26, 2019 at 5:31 PM Greg KH wrote:
> > On Tue, Mar 26, 2019 at 11:27:41AM -0700, Matthew Garrett wrote:
> > > From: Matthew Garrett
> > >
> > > debugfs has not been meaningfully audited in terms of ensuring that
> > >
On Tue, Mar 26, 2019 at 5:31 PM Greg KH wrote:
> On Tue, Mar 26, 2019 at 11:27:41AM -0700, Matthew Garrett wrote:
> > From: Matthew Garrett
> >
> > debugfs has not been meaningfully audited in terms of ensuring that
> > userland cannot trample over the kernel. At Greg's request, disable
> >
On Tue, Mar 26, 2019 at 11:27:41AM -0700, Matthew Garrett wrote:
> From: Matthew Garrett
>
> debugfs has not been meaningfully audited in terms of ensuring that
> userland cannot trample over the kernel. At Greg's request, disable
> access to it entirely when the kernel is locked down. This is
On Tue, Mar 26, 2019 at 12:20:24PM -0700, Andy Lutomirski wrote:
> On Tue, Mar 26, 2019 at 11:28 AM Matthew Garrett
> wrote:
> >
> > From: Matthew Garrett
> >
> > debugfs has not been meaningfully audited in terms of ensuring that
> > userland cannot trample over the kernel. At Greg's request,
On Tue, Mar 26, 2019 at 12:20 PM Andy Lutomirski wrote:
> Ugh. Some of those files are very useful. Could this perhaps still
> allow O_RDONLY if we're in INTEGRITY mode?
The previous implementation did, but Greg wanted it to go away entirely.
On Tue, Mar 26, 2019 at 11:28 AM Matthew Garrett
wrote:
>
> From: Matthew Garrett
>
> debugfs has not been meaningfully audited in terms of ensuring that
> userland cannot trample over the kernel. At Greg's request, disable
> access to it entirely when the kernel is locked down. This is done at