Re: [PATCH 0/10] Add additional security checks when module loadingis restricted

From: Matthew Garrett
Date: Wed Aug 28 2013 - 19:13:07 EST

Next message: Hugh Dickins: "[no subject]"
Previous message: Jamie Liu: "Re: [PATCH] workqueue: cond_resched() after processing each work item"
In reply to: Kees Cook: "Re: [PATCH 0/10] Add additional security checks when module loadingis restricted"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 2013-08-28 at 16:07 -0700, Kees Cook wrote:

> Strictly speaking, RAM contents are not available via /dev/*mem, even
> to root. However, you can request a suspend image be written, but to
> not enter hibernation. Then modify the image, and request a resume
> from it.

Is that true? Oh, hm - I guess you could do it with uswsusp. Ugh. Now I
wonder what else you can do with uswsusp. Yeah, ok, I think that case
certainly needs handling.

--
Matthew Garrett <matthew.garrett@xxxxxxxxxx>
èº{.nÇ+‰·Ÿ®‰†+%ŠËlzwm…ébëæìr¸›zX§»®w¥Š{ayºÊÚë,j¢f£¢·hš‹àz¹®w¥¢¸¢·¦j:+v‰¨ŠwèjØm¶Ÿÿ¾«‘êçzZ+ƒùšŽŠÝj"ú!¶iO•æ¬z·švØ^¶m§ÿðÃnÆàþY&—

Next message: Hugh Dickins: "[no subject]"
Previous message: Jamie Liu: "Re: [PATCH] workqueue: cond_resched() after processing each work item"
In reply to: Kees Cook: "Re: [PATCH 0/10] Add additional security checks when module loadingis restricted"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]