Re: [PATCH 08/10] kexec: Disable at runtime if the kernel enforcesmodule loading restrictions

From: Geert Uytterhoeven
Date: Sun Sep 01 2013 - 04:52:50 EST

Next message: Gleb Natapov: "Re: [PATCH] KVM: mmu: allow page tables to be in read-only slots"
Previous message: George Spelvin: "Re: [PATCH v7 1/4] spinlock: A new lockref structure for lockless update of refcount"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Aug 19, 2013 at 6:10 PM, Matthew Garrett
<matthew.garrett@xxxxxxxxxx> wrote:
> kexec permits the loading and execution of arbitrary code in ring 0, which
> is something that module signing enforcement is meant to prevent. It makes
> sense to disable kexec in this situation.

Any plans for signed kexec code?

Gr{oetje,eeting}s,

Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@xxxxxxxxxxxxxx

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Gleb Natapov: "Re: [PATCH] KVM: mmu: allow page tables to be in read-only slots"
Previous message: George Spelvin: "Re: [PATCH v7 1/4] spinlock: A new lockref structure for lockless update of refcount"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]