Received: by 10.213.65.68 with SMTP id h4csp1236977imn; Wed, 4 Apr 2018 15:21:04 -0700 (PDT) X-Google-Smtp-Source: AIpwx48J7uM4G9TjgLbxcKE4hwJduCSazxl4cRBRRky9/Fc5DMRBV6VgbMzKjHqo1RBSIcp7MMiC X-Received: by 10.99.1.133 with SMTP id 127mr13267583pgb.24.1522880464094; Wed, 04 Apr 2018 15:21:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522880464; cv=none; d=google.com; s=arc-20160816; b=qldG0tSkSEJOLT4c3Pq/J2sO0hMPPjNJbKyHCM5H7+6Uf0iSfgVD57Z2cOxjLMEtBW rm9z3YoCUG7wSi2ibn11cN4JKomenKnTMkN9sa3WvayeJIXUkpBkY54cEXcgHUBrPUwL hQNqcEGN5CYqF9nXAEctzZRYKlnGORfI2Ju0avrIiiXk1vKE1J7z9K46SST2xY/7eBgA IvUQbzabwH6UXO4TET8hkeuUTgv3sn87Vk2lOo8My4q9g3n53Er3INiAacd38PnZAVxc yey32Pw+jm7CcWJbel506w2TiYKK2EAHUphMXVTybIUWXRIr05cKQBp4InWiMv+gfbk3 64tQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:content-id:mime-version :subject:cc:to:references:in-reply-to:from:organization :arc-authentication-results; bh=kt5pVLJ4en4lCYzgbX8qFHsCAn/clF07ERB1g5ipilE=; b=KZCa4iM4Sb898JXZEL9jd0kKAagzvX1t7mEHbtxryc2rtC+DLwRevnoTK6GLsKz7XL W8NjphGbkg5+fH0Bzdj2fvWTkmBsHL25skAMkYCrZ5ib5apN5P1I0FZMnf4WmdH2YVNL sZIbAuQ/c4iyhkvm7MNRplRrxHz//SwPXk3I17sQZlFvV5SP7o3VmXe/it9O/X/OeY2f lpVae//EQD+9Ggd7NRaNOCMlNJ/QsK3y8zAuFriLzaeb3V1+QMD2f1KDqw9lgmG+/GNi AGK5uFMhG9q+zlaroiGkQ11vX1w0HE4m8RxuR+T3f1SDGpF4yE+1DBwRcmSdKL9vejYM yfZQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k73si4453456pgc.707.2018.04.04.15.20.49; Wed, 04 Apr 2018 15:21:04 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752483AbeDDWTd (ORCPT + 99 others); Wed, 4 Apr 2018 18:19:33 -0400 Received: from mx3-rdu2.redhat.com ([66.187.233.73]:42548 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751749AbeDDWTb (ORCPT ); Wed, 4 Apr 2018 18:19:31 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 7829C5BCBE; Wed, 4 Apr 2018 22:19:30 +0000 (UTC) Received: from warthog.procyon.org.uk (ovpn-120-158.rdu2.redhat.com [10.10.120.158]) by smtp.corp.redhat.com (Postfix) with ESMTP id 2132010B00AD; Wed, 4 Apr 2018 22:19:28 +0000 (UTC) Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 3798903 From: David Howells In-Reply-To: References: <1119.1522858644@warthog.procyon.org.uk> To: Jann Horn Cc: dhowells@redhat.com, Alexei Starovoitov , Andy Lutomirski , Greg Kroah-Hartman , "Theodore Y. Ts'o" , Matthew Garrett , Linus Torvalds , Ard Biesheuvel , James Morris , Alan Cox , Linux Kernel Mailing List , Justin Forbes , linux-man , joeyli , LSM List , Linux API , Kees Cook , linux-efi Subject: Re: An actual suggestion (Re: [GIT PULL] Kernel lockdown for secure boot) MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <15405.1522880367.1@warthog.procyon.org.uk> Date: Wed, 04 Apr 2018 23:19:27 +0100 Message-ID: <15406.1522880367@warthog.procyon.org.uk> X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.1]); Wed, 04 Apr 2018 22:19:30 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.1]); Wed, 04 Apr 2018 22:19:30 +0000 (UTC) for IP:'10.11.54.3' DOMAIN:'int-mx03.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'dhowells@redhat.com' RCPT:'' Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Jann Horn wrote: > > Uh, no. bpf, for example, can be used to modify kernel memory. > > I'm pretty sure bpf isn't supposed to be able to modify arbitrary > kernel memory. AFAIU if you can use BPF to write to arbitrary kernel > memory, that's a bug; with CAP_SYS_ADMIN, you can read from userspace, > write to userspace, and read from kernelspace, but you shouldn't be > able to write to kernelspace. Ah - you may be right. I seem to have misremembered what Joey Lee wrote in his patch description. David