Kees Cook writes:
> On Wed, Dec 11, 2013 at 3:15 PM, Eric W. Biederman
> wrote:
>> Kees Cook writes:
>>
>>> On Wed, Dec 11, 2013 at 9:52 AM, Eric W. Biederman
>>> wrote:
Kees Cook writes:
> For general-purpose (i.e. distro) kernel builds it makes sense to build
> with
On Wed, Dec 11, 2013 at 3:15 PM, Eric W. Biederman
wrote:
> Kees Cook writes:
>
>> On Wed, Dec 11, 2013 at 9:52 AM, Eric W. Biederman
>> wrote:
>>> Kees Cook writes:
>>>
For general-purpose (i.e. distro) kernel builds it makes sense to build
with
CONFIG_KEXEC to allow end users
Kees Cook writes:
> On Wed, Dec 11, 2013 at 9:52 AM, Eric W. Biederman
> wrote:
>> Kees Cook writes:
>>
>>> For general-purpose (i.e. distro) kernel builds it makes sense to build with
>>> CONFIG_KEXEC to allow end users to choose what kind of things they want to
>>> do
>>> with kexec.
On Wed, Dec 11, 2013 at 9:52 AM, Eric W. Biederman
wrote:
> Kees Cook writes:
>
>> For general-purpose (i.e. distro) kernel builds it makes sense to build with
>> CONFIG_KEXEC to allow end users to choose what kind of things they want to do
>> with kexec. However, in the face of trying to lock
Kees Cook writes:
> For general-purpose (i.e. distro) kernel builds it makes sense to build with
> CONFIG_KEXEC to allow end users to choose what kind of things they want to do
> with kexec. However, in the face of trying to lock down a system with such
> a kernel, there needs to be a way to
Kees Cook keesc...@chromium.org writes:
For general-purpose (i.e. distro) kernel builds it makes sense to build with
CONFIG_KEXEC to allow end users to choose what kind of things they want to do
with kexec. However, in the face of trying to lock down a system with such
a kernel, there needs
On Wed, Dec 11, 2013 at 9:52 AM, Eric W. Biederman
ebied...@xmission.com wrote:
Kees Cook keesc...@chromium.org writes:
For general-purpose (i.e. distro) kernel builds it makes sense to build with
CONFIG_KEXEC to allow end users to choose what kind of things they want to do
with kexec.
Kees Cook keesc...@chromium.org writes:
On Wed, Dec 11, 2013 at 9:52 AM, Eric W. Biederman
ebied...@xmission.com wrote:
Kees Cook keesc...@chromium.org writes:
For general-purpose (i.e. distro) kernel builds it makes sense to build with
CONFIG_KEXEC to allow end users to choose what kind of
On Wed, Dec 11, 2013 at 3:15 PM, Eric W. Biederman
ebied...@xmission.com wrote:
Kees Cook keesc...@chromium.org writes:
On Wed, Dec 11, 2013 at 9:52 AM, Eric W. Biederman
ebied...@xmission.com wrote:
Kees Cook keesc...@chromium.org writes:
For general-purpose (i.e. distro) kernel builds it
Kees Cook keesc...@chromium.org writes:
On Wed, Dec 11, 2013 at 3:15 PM, Eric W. Biederman
ebied...@xmission.com wrote:
Kees Cook keesc...@chromium.org writes:
On Wed, Dec 11, 2013 at 9:52 AM, Eric W. Biederman
ebied...@xmission.com wrote:
Kees Cook keesc...@chromium.org writes:
For
On Tue, Dec 10, 2013 at 11:14 AM, Vivek Goyal wrote:
> On Tue, Dec 10, 2013 at 10:54:00AM -0800, H. Peter Anvin wrote:
>> On 12/10/2013 10:33 AM, Vivek Goyal wrote:
>> > On Tue, Dec 10, 2013 at 08:32:38AM -0800, H. Peter Anvin wrote:
>> >> Of course it isn't.
>> >
>> > I am not sure what are you
On Tue, Dec 10, 2013 at 10:54:00AM -0800, H. Peter Anvin wrote:
> On 12/10/2013 10:33 AM, Vivek Goyal wrote:
> > On Tue, Dec 10, 2013 at 08:32:38AM -0800, H. Peter Anvin wrote:
> >> Of course it isn't.
> >
> > I am not sure what are you trying to say. This is too brief.
> >
> > Thanks
> > Vivek
On 12/10/2013 10:33 AM, Vivek Goyal wrote:
> On Tue, Dec 10, 2013 at 08:32:38AM -0800, H. Peter Anvin wrote:
>> Of course it isn't.
>
> I am not sure what are you trying to say. This is too brief.
>
> Thanks
> Vivek
>
Of course it is not sufficient. Once you can get arbitrary code into
kernel
On Tue, Dec 10, 2013 at 08:32:38AM -0800, H. Peter Anvin wrote:
> Of course it isn't.
I am not sure what are you trying to say. This is too brief.
Thanks
Vivek
>
> Vivek Goyal wrote:
> >On Mon, Dec 09, 2013 at 05:06:10PM -0800, Kees Cook wrote:
> >> On Mon, Dec 9, 2013 at 4:34 PM, H. Peter
Of course it isn't.
Vivek Goyal wrote:
>On Mon, Dec 09, 2013 at 05:06:10PM -0800, Kees Cook wrote:
>> On Mon, Dec 9, 2013 at 4:34 PM, H. Peter Anvin wrote:
>> > On 12/09/2013 04:16 PM, Kees Cook wrote:
>> >> For general-purpose (i.e. distro) kernel builds it makes sense to
>build with
>> >>
On Tue, Dec 10, 2013 at 09:35:40AM -0500, Vivek Goyal wrote:
> On Mon, Dec 09, 2013 at 05:06:10PM -0800, Kees Cook wrote:
> > On Mon, Dec 9, 2013 at 4:34 PM, H. Peter Anvin wrote:
> > > On 12/09/2013 04:16 PM, Kees Cook wrote:
> > >> For general-purpose (i.e. distro) kernel builds it makes sense
On Mon, Dec 09, 2013 at 05:06:10PM -0800, Kees Cook wrote:
> On Mon, Dec 9, 2013 at 4:34 PM, H. Peter Anvin wrote:
> > On 12/09/2013 04:16 PM, Kees Cook wrote:
> >> For general-purpose (i.e. distro) kernel builds it makes sense to build
> >> with
> >> CONFIG_KEXEC to allow end users to choose
On 12/10/2013 10:33 AM, Vivek Goyal wrote:
On Tue, Dec 10, 2013 at 08:32:38AM -0800, H. Peter Anvin wrote:
Of course it isn't.
I am not sure what are you trying to say. This is too brief.
Thanks
Vivek
Of course it is not sufficient. Once you can get arbitrary code into
kernel space
On Tue, Dec 10, 2013 at 10:54:00AM -0800, H. Peter Anvin wrote:
On 12/10/2013 10:33 AM, Vivek Goyal wrote:
On Tue, Dec 10, 2013 at 08:32:38AM -0800, H. Peter Anvin wrote:
Of course it isn't.
I am not sure what are you trying to say. This is too brief.
Thanks
Vivek
Of course
On Tue, Dec 10, 2013 at 11:14 AM, Vivek Goyal vgo...@redhat.com wrote:
On Tue, Dec 10, 2013 at 10:54:00AM -0800, H. Peter Anvin wrote:
On 12/10/2013 10:33 AM, Vivek Goyal wrote:
On Tue, Dec 10, 2013 at 08:32:38AM -0800, H. Peter Anvin wrote:
Of course it isn't.
I am not sure what are you
On Mon, Dec 09, 2013 at 05:06:10PM -0800, Kees Cook wrote:
On Mon, Dec 9, 2013 at 4:34 PM, H. Peter Anvin h...@zytor.com wrote:
On 12/09/2013 04:16 PM, Kees Cook wrote:
For general-purpose (i.e. distro) kernel builds it makes sense to build
with
CONFIG_KEXEC to allow end users to choose
On Tue, Dec 10, 2013 at 09:35:40AM -0500, Vivek Goyal wrote:
On Mon, Dec 09, 2013 at 05:06:10PM -0800, Kees Cook wrote:
On Mon, Dec 9, 2013 at 4:34 PM, H. Peter Anvin h...@zytor.com wrote:
On 12/09/2013 04:16 PM, Kees Cook wrote:
For general-purpose (i.e. distro) kernel builds it makes
Of course it isn't.
Vivek Goyal vgo...@redhat.com wrote:
On Mon, Dec 09, 2013 at 05:06:10PM -0800, Kees Cook wrote:
On Mon, Dec 9, 2013 at 4:34 PM, H. Peter Anvin h...@zytor.com wrote:
On 12/09/2013 04:16 PM, Kees Cook wrote:
For general-purpose (i.e. distro) kernel builds it makes sense to
On Tue, Dec 10, 2013 at 08:32:38AM -0800, H. Peter Anvin wrote:
Of course it isn't.
I am not sure what are you trying to say. This is too brief.
Thanks
Vivek
Vivek Goyal vgo...@redhat.com wrote:
On Mon, Dec 09, 2013 at 05:06:10PM -0800, Kees Cook wrote:
On Mon, Dec 9, 2013 at 4:34 PM, H.
On Mon, Dec 9, 2013 at 4:34 PM, H. Peter Anvin wrote:
> On 12/09/2013 04:16 PM, Kees Cook wrote:
>> For general-purpose (i.e. distro) kernel builds it makes sense to build with
>> CONFIG_KEXEC to allow end users to choose what kind of things they want to do
>> with kexec. However, in the face of
On 12/09/2013 04:16 PM, Kees Cook wrote:
> For general-purpose (i.e. distro) kernel builds it makes sense to build with
> CONFIG_KEXEC to allow end users to choose what kind of things they want to do
> with kexec. However, in the face of trying to lock down a system with such
> a kernel, there
For general-purpose (i.e. distro) kernel builds it makes sense to build with
CONFIG_KEXEC to allow end users to choose what kind of things they want to do
with kexec. However, in the face of trying to lock down a system with such
a kernel, there needs to be a way to disable kexec (much like module
For general-purpose (i.e. distro) kernel builds it makes sense to build with
CONFIG_KEXEC to allow end users to choose what kind of things they want to do
with kexec. However, in the face of trying to lock down a system with such
a kernel, there needs to be a way to disable kexec (much like module
On 12/09/2013 04:16 PM, Kees Cook wrote:
For general-purpose (i.e. distro) kernel builds it makes sense to build with
CONFIG_KEXEC to allow end users to choose what kind of things they want to do
with kexec. However, in the face of trying to lock down a system with such
a kernel, there needs
On Mon, Dec 9, 2013 at 4:34 PM, H. Peter Anvin h...@zytor.com wrote:
On 12/09/2013 04:16 PM, Kees Cook wrote:
For general-purpose (i.e. distro) kernel builds it makes sense to build with
CONFIG_KEXEC to allow end users to choose what kind of things they want to do
with kexec. However, in the
30 matches
Mail list logo