On Wed, 2018-04-11 at 16:09 -0400, Mimi Zohar wrote:
> On Wed, 2018-04-11 at 14:00 -0500, Eric W. Biederman wrote:
> > David Howells writes:
> >
> > > From: Matthew Garrett
> > >
> > > The kexec_load() syscall permits the loading and execution of
On Wed, 2018-04-11 at 16:09 -0400, Mimi Zohar wrote:
> On Wed, 2018-04-11 at 14:00 -0500, Eric W. Biederman wrote:
> > David Howells writes:
> >
> > > From: Matthew Garrett
> > >
> > > The kexec_load() syscall permits the loading and execution of arbitrary
> > > code in ring 0, which is
On Wed, 2018-04-11 at 14:00 -0500, Eric W. Biederman wrote:
> David Howells writes:
>
> > From: Matthew Garrett
> >
> > The kexec_load() syscall permits the loading and execution of arbitrary
> > code in ring 0, which is something that lock-down is
On Wed, 2018-04-11 at 14:00 -0500, Eric W. Biederman wrote:
> David Howells writes:
>
> > From: Matthew Garrett
> >
> > The kexec_load() syscall permits the loading and execution of arbitrary
> > code in ring 0, which is something that lock-down is meant to prevent. It
> > makes sense to
Eric W. Biederman wrote:
> Maybe I am missing it but I am not seeing anything that would require
> kexec_file_load be configured such that it checks the loaded kernel.
>
> Without that I don't see the point of disabling kexec_load.
I meant to remove this patch too.
Eric W. Biederman wrote:
> Maybe I am missing it but I am not seeing anything that would require
> kexec_file_load be configured such that it checks the loaded kernel.
>
> Without that I don't see the point of disabling kexec_load.
I meant to remove this patch too.
David
David Howells writes:
> From: Matthew Garrett
>
> The kexec_load() syscall permits the loading and execution of arbitrary
> code in ring 0, which is something that lock-down is meant to prevent. It
> makes sense to disable kexec_load() in this
David Howells writes:
> From: Matthew Garrett
>
> The kexec_load() syscall permits the loading and execution of arbitrary
> code in ring 0, which is something that lock-down is meant to prevent. It
> makes sense to disable kexec_load() in this situation.
>
> This does not affect
8 matches