Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <87ef29gwa1.fsf@dja-thinkpad.axtens.net>
Date: Mon, 29 Jul 2019 17:00:38 +1000
From: Daniel Axtens <dja@...ens.net>
To: Andrew Donnellan <ajd@...ux.ibm.com>, Christopher M Riedl <cmr@...ormatik.wtf>, linuxppc-dev@...abs.org, kernel-hardening@...ts.openwall.com
Cc: mjg59@...gle.com
Subject: Re: [RFC PATCH v2] powerpc/xmon: restrict when kernel is locked down

Hi Chris,

>>>> Remind me again why we need to clear breakpoints in integrity mode?
...
>> Integrity mode merely means we are aiming to prevent modifications to 
>> kernel memory. IMHO leaving existing breakpoints in place is fine as 
>> long as when we hit the breakpoint xmon is in read-only mode.
>>
...
> I think ajd is right. 
>
> I think about it like this. There are 2 transitions:
>
>  - into integrity mode
>
>    Here, we need to go into r/o, but do not need to clear breakpoints.
>    You can still insert breakpoints in readonly mode, so clearing them
>    just makes things more irritating rather than safer.
>
>  - into confidentiality mode
>
>    Here we need to purge breakpoints and disable xmon completely.

Would you be able to send a v2 with these changes? (that is, not purging
breakpoints when entering integrity mode)

Regards,
Daniel

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.