Re: [PATCH V3 08/11] kexec: Disable at runtime if the kernelenforces module loading restrictions
From: Matthew Garrett
Date: Sun Sep 08 2013 - 10:40:41 EST
On Sun, 2013-09-08 at 00:24 -0700, Greg KH wrote:
> On Sun, Sep 08, 2013 at 06:44:08AM +0000, Matthew Garrett wrote:
> > At the most trivial level, grab the address of sig_enforce from
> > kallsyms, jump to a kernel that doesn't enforce STRICT_DEVMEM, modify
> > sig_enforce, jump back to the old kernel.
>
> Which proves what?
sig_enforce can be set, but once it's set can't be unset. Why do you
think that is?
--
Matthew Garrett <matthew.garrett@xxxxxxxxxx>
¢éì®&Þ~º&¶¬+-±éÝ¥w®Ë±Êâmébìdz¹Þ)í
æèw*jg¬±¨¶Ýj/êäz¹Þà2Þ¨èÚ&¢)ß«a¶Úþø®G«éh®æj:+v¨wèÙ>W±êÞiÛaxPjØm¶ÿÃ-»+ùd_