Re: [kernel-hardening] Re: [PATCH] x86: make IDT read-only

2013-04-09 Thread Kees Cook
On Tue, Apr 9, 2013 at 11:39 AM, H. Peter Anvin h...@zytor.com wrote: On 04/09/2013 11:31 AM, Kees Cook wrote: ... 0x880001e0-0x88001fe0 480M RW PSE GLB NX pmd That is the 1:1 memory map area... Meaning what? -Kees That's the area in which we just

Re: [kernel-hardening] Re: [PATCH] x86: make IDT read-only

2013-04-09 Thread Kees Cook
On Tue, Apr 9, 2013 at 11:50 AM, H. Peter Anvin h...@zytor.com wrote: On 04/09/2013 11:46 AM, Kees Cook wrote: Ah-ha! Yes, I see now when comparing the debug/kernel_page_tables reports. It's just the High Kernel Mapping that we care about. Addresses outside that range are less of a leak

Re: [PATCH v2] x86: use fixed read-only IDT

2013-04-09 Thread Kees Cook
On Tue, Apr 9, 2013 at 5:14 PM, H. Peter Anvin h...@zytor.com wrote: On 04/09/2013 09:39 AM, Kees Cook wrote: - static void __cpuinit intel_smp_check(struct cpuinfo_x86 *c) { /* calling is from identify_secondary_cpu() ? */ @@ -206,8 +192,7 @@ static void __cpuinit intel_workarounds

[PATCH v3] x86: use a read-only IDT alias on all CPUs

2013-04-10 Thread Kees Cook
to deliver the proper exception in the F0 0F case except on Intel family 5 processors. Signed-off-by: Kees Cook keesc...@chromium.org Cc: Eric Northup digitale...@google.com --- v3: - clarify commit, thanks to HPA - add missing header file, thanks to buildbot. :) v2: - clarify commit and comments

Re: [PATCH 0/3] kernel ASLR

2013-04-11 Thread Kees Cook
! -Kees -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/

[PATCH 5/6] x86: kaslr: routines to choose random base offset

2013-04-12 Thread Kees Cook
This provides routines for selecting a randomized kernel base offset, bounded by the e820 entries. It tries to use RDRAND and falls back to RDTSC. If noaslr is on the kernel command line, no offset will be used. Heavily based on work by Dan Rosenberg and Neill Clift. Signed-off-by: Kees Cook

[PATCH 3/6] x86: relocs: add 64-bit ELF support to relocs tool

2013-04-12 Thread Kees Cook
This adds the ability to process relocations from the 64-bit kernel ELF, if built with ELF_BITS=64 defined. The special case for the percpu area is handled, along with some other symbols specific to the 64-bit kernel. Based on work by Neill Clift and Michael Davidson. Signed-off-by: Kees Cook

[PATCH 1/6] x86: relocs: generalize Elf structure names

2013-04-12 Thread Kees Cook
In preparation for making the reloc tool operate on 64-bit relocations, generalize the structure names for easy recompilation via #defines. Based on work by Neill Clift and Michael Davidson. Signed-off-by: Kees Cook keesc...@chromium.org --- arch/x86/tools/relocs.c | 170

[PATCH 2/6] x86: relocs: consolidate processing logic

2013-04-12 Thread Kees Cook
. Signed-off-by: Kees Cook keesc...@chromium.org --- arch/x86/tools/relocs.c | 304 ++- 1 file changed, 170 insertions(+), 134 deletions(-) diff --git a/arch/x86/tools/relocs.c b/arch/x86/tools/relocs.c index fd28ef7..bdc5930 100644 --- a/arch/x86

[PATCH 4/6] x86: relocs: build separate 32/64-bit tools

2013-04-12 Thread Kees Cook
Since the ELF structures and access macros change size based on 32 vs 64 bits, build a separate 32-bit relocs tool (for handling realmode and 32-bit relocations), and a 64-bit relocs tool (for handling 64-bit kernel relocations). Signed-off-by: Kees Cook keesc...@chromium.org -- This is ugly

[PATCH v2 0/6] kernel ASLR

2013-04-12 Thread Kees Cook
This splits up the relocs tool changes into the separate logical pieces, which should be easier to review. I could use some suggestions on a better way to build it in the 4th patch. What I have now seems ugly, but Kbuild would not give me its secrets. RO IDT was sent separately and is living in

[PATCH 6/6] x86: kaslr: relocate base offset at boot

2013-04-12 Thread Kees Cook
/1105.3/index.html#00520 Signed-off-by: Kees Cook keesc...@chromium.org Cc: Eric Northup digitale...@google.com --- Documentation/kernel-parameters.txt |4 + arch/x86/Kconfig | 51 +++-- arch/x86/Makefile|3 + arch/x86/boot/compressed/head_32

Re: [PATCH 0/3] Sync Android pstore updates

2013-04-01 Thread Kees Cook
to linux-pstore.git. These look good; thanks. Feel free to add my ack if you want: Acked-by: Kees Cook keesc...@chromium.org Thanks! -Kees -- Kees Cook Chrome OS Security

Re: [PATCH V2 1/3] seccomp: add generic code for jitted seccomp filters.

2013-04-01 Thread Kees Cook
to make its content available to the jit compilation code. In a way similar to the net BPF, the jit compilation code is expected to updates struct seccomp_filter.bpf_func pointer to the generated code. Signed-off-by: Nicolas Schichan nschic...@freebox.fr Acked-by: Kees Cook keesc

Re: [PATCH] kmsg: Honor dmesg_restrict sysctl on /dev/kmsg

2013-04-01 Thread Kees Cook
to cleanup your suggestion and send it out? Ping? What state is this in? -Kees -- Kees Cook Chrome OS Security

Re: [PATCH] fs: Don't compile in drop_caches.c when CONFIG_SYSCTL=n

2013-03-13 Thread Kees Cook
On Wed, Mar 13, 2013 at 4:14 PM, Josh Triplett j...@joshtriplett.org wrote: drop_caches.c provides code only invokable via sysctl, so don't compile it in when CONFIG_SYSCTL=n. Signed-off-by: Josh Triplett j...@joshtriplett.org Seems reasonable to me. Acked-by: Kees Cook keesc...@chromium.org

Re: [PATCH v3] drm/i915: bounds check execbuffer relocation count

2013-03-14 Thread Kees Cook
On Thu, Mar 14, 2013 at 9:57 AM, Daniel Vetter daniel.vet...@ffwll.ch wrote: On Wed, Mar 13, 2013 at 9:28 PM, Daniel Vetter dan...@ffwll.ch wrote: On Tue, Mar 12, 2013 at 09:07:46AM +, Chris Wilson wrote: On Mon, Mar 11, 2013 at 05:31:45PM -0700, Kees Cook wrote: It is possible to wrap

Re: [PATCH] seccomp: allow BPF_XOR based ALU instructions.

2013-03-15 Thread Kees Cook
On Fri, Mar 15, 2013 at 10:02 AM, Nicolas Schichan nschic...@freebox.fr wrote: Signed-off-by: Nicolas Schichan nschic...@freebox.fr Ah, good catch. Thanks! Acked-by: Kees Cook keesc...@chromium.org -- Kees Cook Chrome OS Security

Re: [PATCH RFC 1/3] seccomp: add generic code for jitted seccomp filters.

2013-03-15 Thread Kees Cook
); } } -- 1.7.10.4 In addition to this work, I'm curious if anyone has looked at JIT hardening, to make it a less trivial ROP target? For example: http://grsecurity.net/~spender/jit_prot.diff -Kees -- Kees Cook Chrome OS Security

Re: [PATCH RFC 1/3] seccomp: add generic code for jitted seccomp filters.

2013-03-15 Thread Kees Cook
On Fri, Mar 15, 2013 at 12:10 PM, Nicolas Schichan nschic...@freebox.fr wrote: On 03/15/2013 07:45 PM, Kees Cook wrote: On Fri, Mar 15, 2013 at 11:28 AM, Nicolas Schichan nschic...@freebox.fr wrote: +/** + * struct seccomp_filter - container for seccomp BPF programs + * + * @usage

Re: [PATCH] checkpatch: stop checking for CONFIG_EXPERIMENTAL

2013-03-16 Thread Kees Cook
it can be caught when someone feels like cleaning up invalid Kconfig symbols and macros again. Hrm, I actually think it would be better to change this to ERROR instead of WARN. -Kees -- Kees Cook Chrome OS Security

[PATCH] net/irda: add missing error path release_sock call

2013-03-20 Thread Kees Cook
This makes sure that release_sock is called for all error conditions in irda_getsockopt. Signed-off-by: Kees Cook keesc...@chromium.org Reported-by: Brad Spengler spen...@grsecurity.net Cc: sta...@vger.kernel.org --- net/irda/af_irda.c |6 -- 1 file changed, 4 insertions(+), 2 deletions

Re: Build breakage in 3.8.4 [was: Linux 3.8.4]

2013-03-26 Thread Kees Cook
is the preferred conditional for use in 3.9 and later kernels, per Kees. Hrm, if so, we'll need to also backport the changes that added __ARCH_HAS_SA_RESTORER... -Kees thanks, -- js suse labs -- Kees Cook Chrome OS Security

[PATCH] tg3: fix length overflow in VPD firmware parsing

2013-03-27 Thread Kees Cook
, truncate the formatted firmware string instead of potentially overwriting portions of the tg3 struct. http://cansecwest.com/slides/2013/PrivateCore%20CSW%202013.pdf Signed-off-by: Kees Cook keesc...@chromium.org Reported-by: Oded Horovitz o...@privatecore.com Reported-by: Brad Spengler spen

[PATCH] drm/i915: use simple attribute in debugfs routines

2013-03-10 Thread Kees Cook
This replaces the manual read/write routines in debugfs with the common simple attribute helpers. Doing this gets rid of repeated copy/pasting of copy_from_user and value formatting code. Signed-off-by: Kees Cook keesc...@chromium.org Cc: Daniel Vetter daniel.vet...@ffwll.ch --- drivers/gpu/drm

Re: [PATCH] fs: pstore: Replaced calls to kmalloc and memcpy with kmemdup

2013-03-10 Thread Kees Cook
to me. Thanks! Acked-by: Kees Cook keesc...@chromium.org -Kees -- Kees Cook Chrome OS Security

[PATCH] signal: always clear sa_restorer on execve

2013-03-11 Thread Kees Cook
-by: Kees Cook keesc...@chromium.org Reported-by: Emese Revfy re.em...@gmail.com Cc: Emese Revfy re.em...@gmail.com Cc: PaX Team pagee...@freemail.hu Cc: sta...@vger.kernel.org --- kernel/signal.c |3 +++ 1 file changed, 3 insertions(+) diff --git a/kernel/signal.c b/kernel/signal.c index

[PATCH] drm/i915: restrict kernel address leak in debugfs

2013-03-11 Thread Kees Cook
Masks kernel address info-leak in object dumps with the %pK suffix, so they cannot be used to target kernel memory corruption attacks if the kptr_restrict sysctl is set. Signed-off-by: Kees Cook keesc...@chromium.org Cc: sta...@vger.kernel.org --- drivers/gpu/drm/i915/i915_debugfs.c |2 +- 1

[PATCH] drm/i915: clarify reasoning for the access_ok call

2013-03-11 Thread Kees Cook
This clarifies the comment above the access_ok check so a missing VERIFY_READ doesn't alarm anyone. Signed-off-by: Kees Cook keesc...@chromium.org Cc: Daniel Vetter daniel.vet...@ffwll.ch --- drivers/gpu/drm/i915/i915_gem_execbuffer.c |6 +- 1 file changed, 5 insertions(+), 1 deletion

[PATCH] drm/radeon: check incoming cliprects pointer

2013-03-11 Thread Kees Cook
The boxes parameter points into userspace memory. It should be verified like any other operation against user memory. Signed-off-by: Kees Cook keesc...@chromium.org Cc: sta...@vger.kernel.org --- drivers/gpu/drm/radeon/r300_cmdbuf.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff

[PATCH] drm/i915: bounds check execbuffer relocations

2013-03-11 Thread Kees Cook
It is possible to wrap the counter used to allocate the buffer for relocation copies. This could lead to heap writing overflows. Signed-off-by: Kees Cook keesc...@chromium.org Reported-by: Pinkie Pie Cc: sta...@vger.kernel.org --- drivers/gpu/drm/i915/i915_gem_execbuffer.c | 10 -- 1

Re: [PATCH] signal: always clear sa_restorer on execve

2013-03-11 Thread Kees Cook
On Mon, Mar 11, 2013 at 12:28 PM, Oleg Nesterov o...@redhat.com wrote: On 03/11, Kees Cook wrote: When the new signal handlers are set up for a fork, the location of sa_restorer is not cleared, leaking a parent process's address space location to children. This allows for a potential bypass

Re: [PATCH] signal: always clear sa_restorer on execve

2013-03-11 Thread Kees Cook
On Mon, Mar 11, 2013 at 12:42 PM, Eric W. Biederman ebied...@xmission.com wrote: Kees Cook keesc...@chromium.org writes: On Mon, Mar 11, 2013 at 12:28 PM, Oleg Nesterov o...@redhat.com wrote: On 03/11, Kees Cook wrote: When the new signal handlers are set up for a fork, the location

[PATCH v2] signal: always clear sa_restorer on execve

2013-03-11 Thread Kees Cook
404469 .../libc-2.15.so ... 1 0 (nil) 0x7fb9f30b94a0 2 400 (nil) 0x7f278bcaa4a0 3 400 (nil) 0x7f278bcaa4a0 4 0 (nil) 0x7fb9f30b94a0 ... Signed-off-by: Kees Cook keesc...@chromium.org Reported-by: Emese Revfy re.em...@gmail.com Cc: Emese Revfy re.em...@gmail.com Cc: PaX Team pagee...@freemail.hu

Re: + signal-always-clear-sa_restorer-on-execve.patch added to -mm tree

2013-03-11 Thread Kees Cook
-- From: Kees Cook keesc...@chromium.org Subject: signal: always clear sa_restorer on execve When the new signal handlers are set up, the location of sa_restorer is not cleared, leaking a parent process's address space location to children. This allows

Re: + signal-always-clear-sa_restorer-on-execve.patch added to -mm tree

2013-03-11 Thread Kees Cook
On Mon, Mar 11, 2013 at 2:01 PM, Andrew Morton a...@linux-foundation.org wrote: On Mon, 11 Mar 2013 13:37:53 -0700 Kees Cook keesc...@chromium.org wrote: ... (pop toasting undone) Subject: signal: always clear sa_restorer on execve When the new signal handlers are set up, the location

Re: [PATCH] drm/i915: clarify reasoning for the access_ok call

2013-03-11 Thread Kees Cook
On Mon, Mar 11, 2013 at 1:51 PM, Chris Wilson ch...@chris-wilson.co.uk wrote: On Mon, Mar 11, 2013 at 12:26:30PM -0700, Kees Cook wrote: This clarifies the comment above the access_ok check so a missing VERIFY_READ doesn't alarm anyone. Do we really need to copy the interface documentation

Re: [PATCH] drm/i915: bounds check execbuffer relocations

2013-03-11 Thread Kees Cook
On Mon, Mar 11, 2013 at 1:52 PM, Chris Wilson ch...@chris-wilson.co.uk wrote: On Mon, Mar 11, 2013 at 12:27:16PM -0700, Kees Cook wrote: It is possible to wrap the counter used to allocate the buffer for relocation copies. This could lead to heap writing overflows. Seems a sensible check

[PATCH v2] drm/i915: bounds check execbuffer relocation count

2013-03-11 Thread Kees Cook
It is possible to wrap the counter used to allocate the buffer for relocation copies. This could lead to heap writing overflows. Signed-off-by: Kees Cook keesc...@chromium.org Reported-by: Pinkie Pie Cc: sta...@vger.kernel.org --- v2: - move check into validate_exec_list --- drivers/gpu/drm

Re: + signal-always-clear-sa_restorer-on-execve.patch added to -mm tree

2013-03-11 Thread Kees Cook
On Mon, Mar 11, 2013 at 2:22 PM, Andrew Morton a...@linux-foundation.org wrote: On Mon, 11 Mar 2013 14:03:20 -0700 Kees Cook keesc...@chromium.org wrote: On Mon, Mar 11, 2013 at 2:01 PM, Andrew Morton a...@linux-foundation.org wrote: On Mon, 11 Mar 2013 13:37:53 -0700 Kees Cook keesc

[PATCH v2] drm/i915: clarify reasoning for the access_ok call

2013-03-11 Thread Kees Cook
This clarifies the comment above the access_ok check so a missing VERIFY_READ doesn't alarm anyone. Signed-off-by: Kees Cook keesc...@chromium.org Cc: Daniel Vetter daniel.vet...@ffwll.ch --- v2: - rewrote comment, thanks to Chris Wilson --- drivers/gpu/drm/i915/i915_gem_execbuffer.c |6

Re: [PATCH v2] drm/i915: bounds check execbuffer relocation count

2013-03-11 Thread Kees Cook
On Mon, Mar 11, 2013 at 3:00 PM, Chris Wilson ch...@chris-wilson.co.uk wrote: On Mon, Mar 11, 2013 at 02:23:29PM -0700, Kees Cook wrote: It is possible to wrap the counter used to allocate the buffer for relocation copies. This could lead to heap writing overflows. I'd keep the return value

Re: [PATCH] drm/i915: use simple attribute in debugfs routines

2013-03-11 Thread Kees Cook
On Mon, Mar 11, 2013 at 4:03 PM, Daniel Vetter dan...@ffwll.ch wrote: On Sun, Mar 10, 2013 at 02:10:06PM -0700, Kees Cook wrote: This replaces the manual read/write routines in debugfs with the common simple attribute helpers. Doing this gets rid of repeated copy/pasting of copy_from_user

[PATCH v3] drm/i915: bounds check execbuffer relocation count

2013-03-11 Thread Kees Cook
It is possible to wrap the counter used to allocate the buffer for relocation copies. This could lead to heap writing overflows. CVE-2013-0913 v3: collapse test, improve comment v2: move check into validate_exec_list Signed-off-by: Kees Cook keesc...@chromium.org Reported-by: Pinkie Pie Cc: sta

[PATCH] drm/i915: use do_div() as needed in debugfs code

2013-03-11 Thread Kees Cook
This replaces the open-coded divisions in the debugfs code by calls to do_div(). Signed-off-by: Kees Cook keesc...@chromium.org Cc: Daniel Vetter daniel.vet...@ffwll.ch --- drivers/gpu/drm/i915/i915_debugfs.c | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git

Re: linux-next: build failure after merge of the final tree (drm-intel tree related)

2013-03-11 Thread Kees Cook
sent a follow-up patch to fix this. -Kees -- Kees Cook Chrome OS Security

CLONE_NEWUSER|CLONE_FS root exploit

2013-03-13 Thread Kees Cook
...@suse.de - SuSE Security Team - End forwarded message - -- Kees Cook Chrome OS Security

Re: user ns: arbitrary module loading

2013-03-02 Thread Kees Cook
On Sat, Mar 2, 2013 at 4:57 PM, Serge E. Hallyn se...@hallyn.com wrote: Quoting Kees Cook (keesc...@google.com): The rearranging done for user ns has resulted in allowing arbitrary kernel module loading[1] (i.e. re-introducing a form of CVE-2011-1019) by what is assumed to be an unprivileged

Re: user ns: arbitrary module loading

2013-03-03 Thread Kees Cook
On Sat, Mar 2, 2013 at 7:56 PM, Serge E. Hallyn se...@hallyn.com wrote: Quoting Kees Cook (keesc...@google.com): On Sat, Mar 2, 2013 at 4:57 PM, Serge E. Hallyn se...@hallyn.com wrote: Quoting Kees Cook (keesc...@google.com): The rearranging done for user ns has resulted in allowing

Re: user ns: arbitrary module loading

2013-03-03 Thread Kees Cook
On Sat, Mar 2, 2013 at 8:12 PM, Eric W. Biederman ebied...@xmission.com wrote: Serge E. Hallyn se...@hallyn.com writes: Quoting Kees Cook (keesc...@google.com): The rearranging done for user ns has resulted in allowing arbitrary kernel module loading[1] (i.e. re-introducing a form of CVE-2011

Re: [RFC][PATCH] fs: Limit sys_mount to only loading filesystem modules.

2013-03-03 Thread Kees Cook
...@xmission.com Acked-by: Kees Cook keesc...@chromium.org -- Kees Cook Chrome OS Security

Re: user ns: arbitrary module loading

2013-03-03 Thread Kees Cook
On Sun, Mar 3, 2013 at 1:58 PM, Eric W. Biederman ebied...@xmission.com wrote: Kees Cook keesc...@google.com writes: On Sat, Mar 2, 2013 at 8:12 PM, Eric W. Biederman ebied...@xmission.com wrote: Serge E. Hallyn se...@hallyn.com writes: Quoting Kees Cook (keesc...@google.com

Re: user ns: arbitrary module loading

2013-03-04 Thread Kees Cook
On Mon, Mar 4, 2013 at 12:29 AM, Mathias Krause mini...@googlemail.com wrote: On Sun, Mar 03, 2013 at 09:48:50AM -0800, Kees Cook wrote: Several subsystems already have an implicit subsystem restriction because they load with aliases. (e.g. binfmt-, net-pf=NNN, snd-card-NNN, FOO-iosched

Re: user ns: arbitrary module loading

2013-03-04 Thread Kees Cook
On Mon, Mar 4, 2013 at 10:21 AM, Eric W. Biederman ebied...@xmission.com wrote: Kees Cook keesc...@google.com writes: On Mon, Mar 4, 2013 at 12:29 AM, Mathias Krause mini...@googlemail.com wrote: On Sun, Mar 03, 2013 at 09:48:50AM -0800, Kees Cook wrote: Several subsystems already have

Re: [PATCH] md/raid456: remove depends on CONFIG_EXPERIMENTAL

2013-03-04 Thread Kees Cook
On Tue, Feb 26, 2013 at 5:27 PM, Dan Williams d...@fb.com wrote: On Fri, Feb 22, 2013 at 11:40 PM, Kees Cook keesc...@chromium.org wrote: The CONFIG_EXPERIMENTAL config item has not carried much meaning for a while now and is almost always enabled by default. As agreed during the Linux kernel

Re: [PATCH] md/raid456: remove depends on CONFIG_EXPERIMENTAL

2013-03-04 Thread Kees Cook
On Mon, Mar 4, 2013 at 1:11 PM, NeilBrown ne...@suse.de wrote: On Mon, 4 Mar 2013 10:59:30 -0800 Kees Cook keesc...@chromium.org wrote: On Tue, Feb 26, 2013 at 5:27 PM, Dan Williams d...@fb.com wrote: On Fri, Feb 22, 2013 at 11:40 PM, Kees Cook keesc...@chromium.org wrote

Re: [PATCH 2/2] fs: Limit sys_mount to only request filesystem modules.

2013-03-05 Thread Kees Cook
think it would be nicer to change that, and I'm sure some creative guy calls the next filesystem of the month fs-$something :) The precedent is -. netdev- pf-net- etc. Naming something fs-$something is fine as long as it's actually a filesystem. :) -Kees -- Kees Cook Chrome OS Security

[PATCH] final removal of CONFIG_EXPERIMENTAL

2013-03-06 Thread Kees Cook
Remove config EXPERIMENTAL itself, now that every depends on it has been removed from the tree. Signed-off-by: Kees Cook keesc...@chromium.org Cc: Greg Kroah-Hartman gre...@linuxfoundation.org --- init/Kconfig |4 1 file changed, 4 deletions(-) diff --git a/init/Kconfig b/init/Kconfig

Re: [PATCH] tcp: sysctl to disable TCP simultaneous connect

2013-02-07 Thread Kees Cook
On Thu, Feb 7, 2013 at 10:39 AM, Stephen Hemminger step...@networkplumber.org wrote: On Thu, 7 Feb 2013 09:52:40 -0800 Kees Cook keesc...@chromium.org wrote: This is based on Willy Tarreau's patch from 2008[1]. The goal is to close a corner-case of TCP that isn't used and poses a small DoS

[PATCH] x86: Lock down MSR writing in secure boot

2013-02-08 Thread Kees Cook
Writing to MSRs should not be allowed unless CAP_COMPROMISE_KERNEL is set since it could lead to execution of arbitrary code in kernel mode. Signed-off-by: Kees Cook keesc...@chromium.org --- This would be used on top of Matthew Garrett's existing Secure boot policy support patch series

Re: [PATCH] x86: Lock down MSR writing in secure boot

2013-02-08 Thread Kees Cook
No. CAP_RAWIO is for reading. Writing needs a much stronger check. -Kees On Fri, Feb 8, 2013 at 11:17 AM, H. Peter Anvin h...@zytor.com wrote: We already have CAP_RAWIO for this in mainline; I am not sure if this should be harder than that... Kees Cook keesc...@chromium.org wrote: Writing

Re: [PATCH] x86: Lock down MSR writing in secure boot

2013-02-08 Thread Kees Cook
On Fri, Feb 8, 2013 at 11:17 AM, Matthew Garrett matthew.garr...@nebula.com wrote: On Fri, 2013-02-08 at 11:12 -0800, Kees Cook wrote: Writing to MSRs should not be allowed unless CAP_COMPROMISE_KERNEL is set since it could lead to execution of arbitrary code in kernel mode. Willing to buy

Re: [PATCH] x86: Lock down MSR writing in secure boot

2013-02-08 Thread Kees Cook
On Fri, Feb 8, 2013 at 11:42 AM, H. Peter Anvin h...@zytor.com wrote: On 02/08/2013 11:18 AM, Kees Cook wrote: No. CAP_RAWIO is for reading. Writing needs a much stronger check. If so, I suspect we need to do this for *all* raw I/O... but I keep wondering how much more sensitive writing

Re: [PATCH] x86: Lock down MSR writing in secure boot

2013-02-08 Thread Kees Cook
that to Matthew. Whatever the flag, it should be an immutable state of the boot. Though, it probably makes sense as a cap just so that non-secure-boot systems can still remove it from containers, etc. -Kees Kees Cook keesc...@chromium.org wrote: On Fri, Feb 8, 2013 at 11:42 AM, H. Peter Anvin h

Re: [PATCH] x86: Lock down MSR writing in secure boot

2013-02-08 Thread Kees Cook
On Fri, Feb 8, 2013 at 12:34 PM, Matthew Garrett matthew.garr...@nebula.com wrote: On Fri, 2013-02-08 at 12:28 -0800, Kees Cook wrote: Maybe a capability isn't the right way to go, I'm not sure. I'll leave that to Matthew. Whatever the flag, it should be an immutable state of the boot. Though

Re: [PATCH] x86: Lock down MSR writing in secure boot

2013-02-08 Thread Kees Cook
to support under Secure Boot, but that breaks some other use cases. Also, _reading_ MSRs from userspace arguably has utility that doesn't compromise ring-0. So excluding the driver entirely seems like overkill. -Kees -- Kees Cook Chrome OS Security

Re: [PATCH] x86: Lock down MSR writing in secure boot

2013-02-09 Thread Kees Cook
On Sat, Feb 9, 2013 at 1:29 AM, Borislav Petkov b...@alien8.de wrote: On Fri, Feb 08, 2013 at 10:45:35PM -0800, Kees Cook wrote: Also, _reading_ MSRs from userspace arguably has utility that doesn't compromise ring-0. And to come back to the original question: what is that utility, who would

Re: [PATCH] pstore: Create a convenient mount point for pstore

2013-02-11 Thread Kees Cook
work, we can create a persistent mount point in sysfs. This will put pstore on par with things like cgroups and efivarfs. Signed-off-by: Josh Boyer jwbo...@redhat.com Acked-by: Kees Cook keesc...@chromium.org -- Kees Cook Chrome OS Security

Re: [PATCH] kernel: arg2 is unsigned long which is never 0

2013-02-06 Thread Kees Cook
-of-by Marcel Holtmann in 2006. find and fix a security issue for it. branch 2: #define SUID_DUMPABLE_DISABLED 0 #define SUID_DUMPABLE_ENABLED 1 #define SUID_DUMPABLE_SAFE 2 in patch 54b501992dd2a839e94e76aa392c392b55080ce8 Signed-of-by Kees Cook in Jul 30

[PATCH] remove redundant defines for dumpable states

2013-02-06 Thread Kees Cook
a...@linux.intel.com Cc: Eric W. Biederman ebied...@xmission.com Cc: Doug Ledford dledf...@redhat.com Cc: Serge Hallyn serge.hal...@canonical.com Cc: James Morris james.l.mor...@oracle.com Cc: Andrew Morton a...@linux-foundation.org Signed-off-by: Kees Cook keesc...@chromium.org --- fs/coredump.c

[PATCH] x86: do not leak kernel page mapping locations

2013-02-07 Thread Kees Cook
Signed-off-by: Kees Cook keesc...@chromium.org --- arch/x86/mm/fault.c |8 +--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c index 027088f..fb674fd 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c @@ -748,13 +748,15

[PATCH] tcp: sysctl to disable TCP simultaneous connect

2013-02-07 Thread Kees Cook
| nc -w 1 -p 5 localhost 5 -v -v -v Connection to localhost 5 port [tcp/*] succeeded! ohai [1] http://thread.gmane.org/gmane.linux.network/107971 Cc: Willy Tarreau w...@1wt.eu Signed-off-by: Kees Cook keesc...@chromium.org --- Documentation/networking/ip-sysctl.txt | 17

[PATCH] proc connector: reject unprivileged listener bumps

2013-02-25 Thread Kees Cook
While PROC_CN_MCAST_LISTEN/IGNORE is entirely advisory, it was possible for an unprivileged user to turn off notifications for all listeners by sending PROC_CN_MCAST_IGNORE. Instead, require the same privileges as required for a multicast bind. Signed-off-by: Kees Cook keesc...@chromium.org Cc

Re: [PATCH] md/raid456: remove depends on CONFIG_EXPERIMENTAL

2013-02-26 Thread Kees Cook
On Tue, Feb 26, 2013 at 5:27 PM, Dan Williams d...@fb.com wrote: On Fri, Feb 22, 2013 at 11:40 PM, Kees Cook keesc...@chromium.org wrote: The CONFIG_EXPERIMENTAL config item has not carried much meaning for a while now and is almost always enabled by default. As agreed during the Linux kernel

Re: [PATCH] kmsg: Honor dmesg_restrict sysctl on /dev/kmsg

2013-02-27 Thread Kees Cook
in check_syslog_permissions. /* write-only does not need any file context */ if ((file->f_flags & O_ACCMODE) == O_WRONLY) return 0; -Kees -- Kees Cook Chrome OS Security

Re: [PATCH] kmsg: Honor dmesg_restrict sysctl on /dev/kmsg

2013-02-27 Thread Kees Cook
, are the security_syslog() checks in /dev/kmsg correct? There is only one used in devkmsg_open which uses SYSLOG_ACTION_READ_ALL. Shouldn't it be using SYSLOG_ACTION_OPEN? And have SYSLOG_ACTION_READ_ALL added to devkmsg_read? (And should we add one for write?) -Kees -- Kees Cook Chrome OS Security

Re: [PATCH] kmsg: Honor dmesg_restrict sysctl on /dev/kmsg

2013-02-27 Thread Kees Cook
On Wed, Feb 27, 2013 at 10:01 AM, Josh Boyer jwbo...@redhat.com wrote: On Wed, Feb 27, 2013 at 09:54:27AM -0800, Kees Cook wrote: On Fri, Feb 22, 2013 at 01:18:57PM -0500, Josh Boyer wrote: Originally, the addition of dmesg_restrict covered both the syslog method of accessing dmesg, as well

Re: [PATCH] kmsg: Honor dmesg_restrict sysctl on /dev/kmsg

2013-02-27 Thread Kees Cook
SYSLOG_ACTION_CLOSE: /* Close log */ break; I think for completeness, we need to add a check_syslog_permissions(SYSLOG_ACTION_READ_ALL, SYSLOG_FROM_FILE) call to devkmsg_read(). -Kees -- Kees Cook Chrome OS Security

[PATCH] eCryptfs: allow userspace messaging to be disabled

2013-02-27 Thread Kees Cook
When the userspace messaging (for the less common case of userspace key wrap/unwrap via ecryptfsd) is not needed, allow eCryptfs to build with it removed. This saves on kernel code size and reduces potential attack surface by removing the /dev/ecryptfs node. Signed-off-by: Kees Cook keesc

[PATCH v2] eCryptfs: allow userspace messaging to be disabled

2013-02-28 Thread Kees Cook
When the userspace messaging (for the less common case of userspace key wrap/unwrap via ecryptfsd) is not needed, allow eCryptfs to build with it removed. This saves on kernel code size and reduces potential attack surface by removing the /dev/ecryptfs node. Signed-off-by: Kees Cook keesc

[PATCH v2] arch/x86/xen: remove depends on CONFIG_EXPERIMENTAL

2013-02-28 Thread Kees Cook
The CONFIG_EXPERIMENTAL config item has not carried much meaning for a while now and is almost always enabled by default. As agreed during the Linux kernel summit, remove it from any depends on lines in Kconfigs. Signed-off-by: Kees Cook keesc...@chromium.org Cc: Stefano Stabellini

Re: [PATCH v2] arch/x86/xen: remove depends on CONFIG_EXPERIMENTAL

2013-02-28 Thread Kees Cook
On Thu, Feb 28, 2013 at 2:53 PM, Stefano Stabellini stefano.stabell...@eu.citrix.com wrote: On Thu, 28 Feb 2013, Kees Cook wrote: The CONFIG_EXPERIMENTAL config item has not carried much meaning for a while now and is almost always enabled by default. As agreed during the Linux kernel summit

user ns: arbitrary module loading

2013-03-01 Thread Kees Cook
). -Kees [1] https://twitter.com/grsecurity/status/307473816672665600 -- Kees Cook Chrome OS Security

[PATCH 0/20] net: remove CONFIG_EXPERIMENTAL

2013-01-22 Thread Kees Cook
Here's what's left of the remove experimental[1] tree, all for netdev. What would be the preference for taking these patches for linux-next? Should they go via the netdev tree, or should I ask Greg KH to take them via driver-core? Thanks! -Kees [1] https://lkml.org/lkml/2012/10/23/580

[PATCH 04/20] drivers/net/ethernet/racal: remove depends on CONFIG_EXPERIMENTAL

2013-01-22 Thread Kees Cook
...@linuxfoundation.org Cc: NetDev net...@vger.kernel.org Signed-off-by: Kees Cook keesc...@chromium.org --- drivers/net/ethernet/racal/Kconfig |4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/ethernet/racal/Kconfig b/drivers/net/ethernet/racal/Kconfig index 01969e0..53c6af1

[PATCH 01/20] drivers/net/ethernet/fujitsu: remove depends on CONFIG_EXPERIMENTAL

2013-01-22 Thread Kees Cook
...@linuxfoundation.org Cc: NetDev net...@vger.kernel.org Signed-off-by: Kees Cook keesc...@chromium.org --- drivers/net/ethernet/fujitsu/Kconfig |6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/net/ethernet/fujitsu/Kconfig b/drivers/net/ethernet/fujitsu/Kconfig index aca1568

[PATCH 05/20] drivers/net/ethernet/seeq: remove depends on CONFIG_EXPERIMENTAL

2013-01-22 Thread Kees Cook
...@linuxfoundation.org Cc: NetDev net...@vger.kernel.org Signed-off-by: Kees Cook keesc...@chromium.org --- drivers/net/ethernet/seeq/Kconfig |4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/net/ethernet/seeq/Kconfig b/drivers/net/ethernet/seeq/Kconfig index 29f1853..2366fa0 100644

[PATCH 14/20] drivers/net/wireless/b43: remove depends on CONFIG_EXPERIMENTAL

2013-01-22 Thread Kees Cook
...@tuxdriver.com Cc: David S. Miller da...@davemloft.net Cc: Greg Kroah-Hartman gre...@linuxfoundation.org Cc: NetDev net...@vger.kernel.org Signed-off-by: Kees Cook keesc...@chromium.org --- drivers/net/wireless/b43/Kconfig | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git

[PATCH 18/20] drivers/net/wireless/rtl818x: remove depends on CONFIG_EXPERIMENTAL

2013-01-22 Thread Kees Cook
Cc: Greg Kroah-Hartman gre...@linuxfoundation.org Cc: NetDev net...@vger.kernel.org Signed-off-by: Kees Cook keesc...@chromium.org --- drivers/net/wireless/rtl818x/Kconfig |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/wireless/rtl818x/Kconfig b/drivers/net

[PATCH 09/20] drivers/net/irda: remove depends on CONFIG_EXPERIMENTAL

2013-01-22 Thread Kees Cook
Kroah-Hartman gre...@linuxfoundation.org Cc: NetDev net...@vger.kernel.org Signed-off-by: Kees Cook keesc...@chromium.org --- drivers/net/irda/Kconfig | 36 ++-- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/drivers/net/irda/Kconfig b/drivers/net

[PATCH 12/20] drivers/net/wireless/ath/ath6kl: remove depends on CONFIG_EXPERIMENTAL

2013-01-22 Thread Kees Cook
: David S. Miller da...@davemloft.net Cc: Greg Kroah-Hartman gre...@linuxfoundation.org Cc: NetDev net...@vger.kernel.org Signed-off-by: Kees Cook keesc...@chromium.org --- drivers/net/wireless/ath/ath6kl/Kconfig |1 - 1 file changed, 1 deletion(-) diff --git a/drivers/net/wireless/ath/ath6kl

[PATCH 13/20] drivers/net/wireless/ath/carl9170: remove depends on CONFIG_EXPERIMENTAL

2013-01-22 Thread Kees Cook
...@tuxdriver.com Cc: David S. Miller da...@davemloft.net Cc: Greg Kroah-Hartman gre...@linuxfoundation.org Cc: NetDev net...@vger.kernel.org Signed-off-by: Kees Cook keesc...@chromium.org --- drivers/net/wireless/ath/carl9170/Kconfig |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git

[PATCH 16/20] drivers/net/wireless/p54: remove depends on CONFIG_EXPERIMENTAL

2013-01-22 Thread Kees Cook
...@tuxdriver.com Cc: David S. Miller da...@davemloft.net Cc: Greg Kroah-Hartman gre...@linuxfoundation.org Cc: NetDev net...@vger.kernel.org Signed-off-by: Kees Cook keesc...@chromium.org --- drivers/net/wireless/p54/Kconfig |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net

[PATCH 15/20] drivers/net/wireless/ipw2x00: remove depends on CONFIG_EXPERIMENTAL

2013-01-22 Thread Kees Cook
...@tuxdriver.com Cc: David S. Miller da...@davemloft.net Cc: Greg Kroah-Hartman gre...@linuxfoundation.org Cc: NetDev net...@vger.kernel.org Signed-off-by: Kees Cook keesc...@chromium.org --- drivers/net/wireless/ipw2x00/Kconfig |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers

[PATCH 03/20] drivers/net/ethernet/microchip: remove depends on CONFIG_EXPERIMENTAL

2013-01-22 Thread Kees Cook
...@linuxfoundation.org Cc: NetDev net...@vger.kernel.org Signed-off-by: Kees Cook keesc...@chromium.org --- drivers/net/ethernet/microchip/Kconfig |4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/ethernet/microchip/Kconfig b/drivers/net/ethernet/microchip/Kconfig index 8163fd0

[PATCH 11/20] drivers/net/wireless: remove depends on CONFIG_EXPERIMENTAL

2013-01-22 Thread Kees Cook
Cc: Greg Kroah-Hartman gre...@linuxfoundation.org Cc: NetDev net...@vger.kernel.org Signed-off-by: Kees Cook keesc...@chromium.org --- drivers/net/wireless/Kconfig | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/net/wireless/Kconfig b/drivers/net/wireless

[PATCH 19/20] drivers/net/wireless/zd1211rw: remove depends on CONFIG_EXPERIMENTAL

2013-01-22 Thread Kees Cook
: David S. Miller da...@davemloft.net Cc: Greg Kroah-Hartman gre...@linuxfoundation.org Cc: NetDev net...@vger.kernel.org Signed-off-by: Kees Cook keesc...@chromium.org --- drivers/net/wireless/zd1211rw/Kconfig |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net

[PATCH 17/20] drivers/net/wireless/rt2x00: remove depends on CONFIG_EXPERIMENTAL

2013-01-22 Thread Kees Cook
: Helmut Schaa helmut.sc...@googlemail.com CC: John W. Linville linvi...@tuxdriver.com Cc: David S. Miller da...@davemloft.net Cc: Greg Kroah-Hartman gre...@linuxfoundation.org Cc: NetDev net...@vger.kernel.org Signed-off-by: Kees Cook keesc...@chromium.org Acked-by: Gertjan van Wingerde gwinge

[PATCH 10/20] drivers/net/ppp: remove depends on CONFIG_EXPERIMENTAL

2013-01-22 Thread Kees Cook
...@linuxfoundation.org Cc: NetDev net...@vger.kernel.org Signed-off-by: Kees Cook keesc...@chromium.org --- drivers/net/ppp/Kconfig | 20 ++-- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/drivers/net/ppp/Kconfig b/drivers/net/ppp/Kconfig index 3d9ef4f..1373c6d 100644

[PATCH 07/20] drivers/net/ethernet/sun: remove depends on CONFIG_EXPERIMENTAL

2013-01-22 Thread Kees Cook
...@linuxfoundation.org Cc: NetDev net...@vger.kernel.org Signed-off-by: Kees Cook keesc...@chromium.org --- drivers/net/ethernet/sun/Kconfig |4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/ethernet/sun/Kconfig b/drivers/net/ethernet/sun/Kconfig index 57bfd85..ae3a355 100644
