Re: [RFC] Second attempt at kernel secure boot support

From: Matthew Garrett
Date: Wed Oct 31 2012 - 11:56:32 EST

Next message: Sasha Levin: "Re: [PATCH 21/21] TTY: move tty buffers to tty_port"
Previous message: Michal Hocko: "Re: [PATCH 3/8] cgroup: use cgroup_lock_live_group(parent) incgroup_create()"
In reply to: Jiri Kosina: "Re: [RFC] Second attempt at kernel secure boot support"
Next in thread: Alan Cox: "Re: [RFC] Second attempt at kernel secure boot support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

1) Gain root.
2) Modify swap partition directly.
3) Force reboot.
4) Win.

Root should not have the ability to elevate themselves to running
arbitrary kernel code. Therefore, the above attack needs to be
impossible.

--
Matthew Garrett | mjg59@xxxxxxxxxxxxx
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Sasha Levin: "Re: [PATCH 21/21] TTY: move tty buffers to tty_port"
Previous message: Michal Hocko: "Re: [PATCH 3/8] cgroup: use cgroup_lock_live_group(parent) incgroup_create()"
In reply to: Jiri Kosina: "Re: [RFC] Second attempt at kernel secure boot support"
Next in thread: Alan Cox: "Re: [RFC] Second attempt at kernel secure boot support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]