Re: [PATCH V3 08/11] kexec: Disable at runtime if the kernelenforces module loading restrictions

From: Matthew Garrett
Date: Sun Sep 08 2013 - 10:40:41 EST

Next message: Sasha Levin: "softirq: soft lockup in __do_softirq"
Previous message: Gleb Natapov: "Re: [PATCH v2 01/15] KVM: MMU: fix the count of spte number"
In reply to: Greg KH: "Re: [PATCH V3 08/11] kexec: Disable at runtime if the kernelenforces module loading restrictions"
Next in thread: Kees Cook: "Re: [PATCH V3 08/11] kexec: Disable at runtime if the kernel enforcesmodule loading restrictions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 2013-09-08 at 00:24 -0700, Greg KH wrote:
> On Sun, Sep 08, 2013 at 06:44:08AM +0000, Matthew Garrett wrote:

> > At the most trivial level, grab the address of sig_enforce from
> > kallsyms, jump to a kernel that doesn't enforce STRICT_DEVMEM, modify
> > sig_enforce, jump back to the old kernel.
>
> Which proves what?

sig_enforce can be set, but once it's set can't be unset. Why do you
think that is?

--
Matthew Garrett <matthew.garrett@xxxxxxxxxx>
¢éì®&Þ~º&¶¬–+-±éÝ¥Šw®žË±Êâmébžìdz¹Þ)í…æèw*jg¬±¨¶‰šŽŠÝj/êäz¹ÞŠà2ŠÞ¨èÚ&¢)ß«a¶Úþø®G«éh®æj:+v‰¨Šwè†Ù>Wš±êÞiÛaxPjØm¶ŸÿÃ-»+ƒùdš_

Next message: Sasha Levin: "softirq: soft lockup in __do_softirq"
Previous message: Gleb Natapov: "Re: [PATCH v2 01/15] KVM: MMU: fix the count of spte number"
In reply to: Greg KH: "Re: [PATCH V3 08/11] kexec: Disable at runtime if the kernelenforces module loading restrictions"
Next in thread: Kees Cook: "Re: [PATCH V3 08/11] kexec: Disable at runtime if the kernel enforcesmodule loading restrictions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]