Re: [PATCH V3 08/11] kexec: Disable at runtime if the kernel enforcesmodule loading restrictions

From: James Morris
Date: Tue Sep 03 2013 - 20:46:48 EST

Next message: James Morris: "Re: [PATCH V3 09/11] uswsusp: Disable when module loading isrestricted"
Previous message: James Morris: "Re: [PATCH V3 05/11] asus-wmi: Restrict debugfs interface when moduleloading is restricted"
In reply to: Matthew Garrett: "[PATCH V3 08/11] kexec: Disable at runtime if the kernel enforces module loading restrictions"
Next in thread: jerry . hoemann: "Re: [PATCH V3 08/11] kexec: Disable at runtime if the kernelenforces module loading restrictions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 3 Sep 2013, Matthew Garrett wrote:

> kexec permits the loading and execution of arbitrary code in ring 0, which
> is something that module signing enforcement is meant to prevent. It makes
> sense to disable kexec in this situation.
>
> Signed-off-by: Matthew Garrett <matthew.garrett@xxxxxxxxxx>

Reviewed-by: James Morris <jmorris@xxxxxxxxx>

--
James Morris
<jmorris@xxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: James Morris: "Re: [PATCH V3 09/11] uswsusp: Disable when module loading isrestricted"
Previous message: James Morris: "Re: [PATCH V3 05/11] asus-wmi: Restrict debugfs interface when moduleloading is restricted"
In reply to: Matthew Garrett: "[PATCH V3 08/11] kexec: Disable at runtime if the kernel enforces module loading restrictions"
Next in thread: jerry . hoemann: "Re: [PATCH V3 08/11] kexec: Disable at runtime if the kernelenforces module loading restrictions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]