On Tue, Mar 8, 2016 at 1:00 PM, One Thousand Gnomes <[email protected]> wrote: > On Tue, 8 Mar 2016 13:47:55 -0700 > Scott Bauer <[email protected]> wrote: > >> This patch adds a sysctl argument to disable SROP protection. > > Shouldn't it be a sysctl to enable it irrevocably, otherwise if I have DAC > capability I can turn off SROP and attack something to get to higher > capability levels ? > > (The way almost all distros are set up its kind of academic but for a > properly secured system it might matter).
Perhaps use proc_dointvec_minmax_sysadmin instead to tie changes strictly to CAP_SYS_ADMIN? -Kees > > Alan -- Kees Cook Chrome OS & Brillo Security
