Message-ID: <CAGXu5jL418kOXVhoYg8DoMdVDZm4e93rH16cOS_feMjkxrpD2g@mail.gmail.com>
Date: Mon, 13 Feb 2017 09:51:28 -0800
From: Kees Cook <keescook@...omium.org>
To: James Morris <jmorris@...ei.org>
Cc: linux-security-module <linux-security-module@...r.kernel.org>, 
	"kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>
Subject: Re: [RFC PATCH 0/4] ro hardening for the security subsystem

On Sun, Feb 12, 2017 at 9:31 PM, James Morris <jmorris@...ei.org> wrote:
> Hi Folks,
>
> Please review/test these patches which add some read-only hardening to the
> security subsystem.
>
> In this series, the following are marked as __ro_after_init:
>
> - LSM hooks
> - Netfilter hooks used by security/
> - the default IMA rules
>
> I've also constified the SELinux Netlink permission tables, which will
> ensure they're located in an RO section.

A lot of the security subsystem is targeted during kernel write
exploits, so I think this is a very nice change to have. Thanks for
doing this!

Acked-by: Kees Cook <keescook@...omium.org>

-Kees

-- 
Kees Cook
Pixel Security
