Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Matthew Garrett <matthew.garrett <at> nebula.com>
Subject: [PATCH 0/2] Secure Boot: More controversial changes
Newsgroups: gmane.linux.kernel.lsm
Date: Monday 28th January 2013 16:47:40 UTC (over 4 years ago)
These patches break functionality that people rely on without providing
any functional equivalent, so I'm not suggesting that they be merged
as-is. kexec allows trivial circumvention of the trust model (it's
trivially equivalent to permitting module loading, for instance) and
hibernation allows similar attacks (disable swap, write a pre-formed resume
image to swap, reboot). The hibernation patch also shows up a different
issue - some userspace drops all capabilities, resulting in things that
userspace expects to work no longer working. This seems like an
unsurprising result, but breaking userspace is bad and so it'd be nice to
figure out if there's another way to handle this.

--
To unsubscribe from this list: send the line "unsubscribe
linux-security-module" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
 
CD: 3ms