Date: Wed, 31 Oct 2012 15:56:35 +0000
From: Matthew Garrett
To: Alan Cox
Cc: Josh Boyer, Jiri Kosina, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, linux-efi@vger.kernel.org
Subject: Re: [RFC] Second attempt at kernel secure boot support
Message-ID: <20121031155635.GA14294@srcf.ucam.org>
In-Reply-To: <20121031155503.1aaf4c93@pyramind.ukuu.org.uk>

1) Gain root.
2) Modify swap partition directly.
3) Force reboot.
4) Win.

Root should not have the ability to elevate themselves to running
arbitrary kernel code. Therefore, the above attack needs to be
impossible.

-- 
Matthew Garrett | mjg59@srcf.ucam.org