Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAGXu5j+QSn1bWB41xN8OM+dg+oGeJM9bKb92x9WdsX7tk1kANw@mail.gmail.com>
Date: Wed, 9 Mar 2016 22:36:21 -0800
From: Kees Cook <keescook@...omium.org>
To: "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>
Cc: Scott Bauer <sbauer@....utah.edu>, LKML <linux-kernel@...r.kernel.org>, 
	"x86@...nel.org" <x86@...nel.org>, wmealing@...hat.com, Andi Kleen <ak@...ux.intel.com>, 
	Andy Lutomirski <luto@...capital.net>, Abhiram Balasubramanian <abhiram@...utah.edu>
Subject: Re: Re: [PATCH v3 3/3] SROP mitigation: Add sysctl
 to disable SROP protection.

On Tue, Mar 8, 2016 at 1:00 PM, One Thousand Gnomes
<gnomes@...rguk.ukuu.org.uk> wrote:
> On Tue,  8 Mar 2016 13:47:55 -0700
> Scott Bauer <sbauer@....utah.edu> wrote:
>
>> This patch adds a sysctl argument to disable SROP protection.
>
> Shouldn't it be a sysctl to enable it irrevocably, otherwise if I have DAC
> capability I can turn off SROP and attack something to get to higher
> capability levels ?
>
> (The way almost all distros are set up its kind of academic but for a
> properly secured system it might matter).

Perhaps use proc_dointvec_minmax_sysadmin instead to tie changes
strictly to CAP_SYS_ADMIN?

-Kees

>
> Alan



-- 
Kees Cook
Chrome OS & Brillo Security

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.