Hi,
On Wed, Jun 17, 2020 at 12:20 AM Jason A. Donenfeld wrote:
>
> Hi Rafael, Len,
>
> Looks like I should have CC'd you on this patch. This is probably
> something we should get into 5.8-rc2, so that it can then get put into
> stable kernels, as some people think this is security sensitive.
> Bi
r.kernel.org>; Kernel Hardening harden...@lists.openwall.com>
> Subject: Re: [PATCH] acpi: disallow loading configfs acpi tables when locked
> down
>
> On Wed, 17 Jun 2020 at 00:21, Jason A. Donenfeld
> wrote:
> >
> > Hi Rafael, Len,
> >
> > Looks like I sho
On Wed, Jun 17, 2020 at 2:38 AM Ard Biesheuvel wrote:
>
> On Wed, 17 Jun 2020 at 00:21, Jason A. Donenfeld wrote:
> >
> > Hi Rafael, Len,
> >
> > Looks like I should have CC'd you on this patch. This is probably
> > something we should get into 5.8-rc2, so that it can then get put into
> > stable
On Wed, 17 Jun 2020 at 00:21, Jason A. Donenfeld wrote:
>
> Hi Rafael, Len,
>
> Looks like I should have CC'd you on this patch. This is probably
> something we should get into 5.8-rc2, so that it can then get put into
> stable kernels, as some people think this is security sensitive.
> Bigger pic
Hi Rafael, Len,
Looks like I should have CC'd you on this patch. This is probably
something we should get into 5.8-rc2, so that it can then get put into
stable kernels, as some people think this is security sensitive.
Bigger picture is this:
https://data.zx2c4.com/american-unsigned-language-2.gif
Like other vectors already patched, this one here allows the root user
to load ACPI tables, which enables arbitrary physical address writes,
which in turn makes it possible to disable lockdown. This patch prevents
this by checking the lockdown status before allowing a new ACPI table to be
installed
6 matches
Mail list logo