On Sat, Oct 03, 2015 at 09:50:45AM +0200, Ingo Molnar wrote:
> Ah, I think you missed the following detail: the patch I suggested would
> separate
> the debugfs bits from the checking bits and would thus allow a 'security
> check
> only' .config setting.
>
> Distros would normally not want to
* Borislav Petkov wrote:
> On Fri, Oct 02, 2015 at 09:26:44AM +0200, Ingo Molnar wrote:
> > It's better to generate a WARN()ing programmatically if the W+X condition
> > occurs,
> > that gets noticed by tools and people alike. I'd like to start treating
> > that
> > condition as a hard kerne
On Fri, Oct 02, 2015 at 09:26:44AM +0200, Ingo Molnar wrote:
> It's better to generate a WARN()ing programmatically if the W+X condition
> occurs,
> that gets noticed by tools and people alike. I'd like to start treating that
> condition as a hard kernel bug.
>
> A dump in dmesg is subject to r
* Stephen Smalley wrote:
> + st.check_wx = checkwx;
> + if (checkwx) {
> + pr_info("Checking for W+x mappings\n");
> + st.found_wx = false;
> + }
> +
> for (i = 0; i < PTRS_PER_PGD; i++) {
> st.current_address = normalize_addr(i * PGD_LEVEL
* Borislav Petkov wrote:
> On Thu, Oct 01, 2015 at 12:24:25PM -0700, Kees Cook wrote:
> > On Thu, Oct 1, 2015 at 9:28 AM, Stephen Smalley wrote:
> > > Warn on any residual W+x mappings if X86_PTDUMP is enabled.
> > >
> > > Sample dmesg output:
> > > Checking for W+x mappings
> > > 0x817
On Thu, Oct 01, 2015 at 12:24:25PM -0700, Kees Cook wrote:
> On Thu, Oct 1, 2015 at 9:28 AM, Stephen Smalley wrote:
> > Warn on any residual W+x mappings if X86_PTDUMP is enabled.
> >
> > Sample dmesg output:
> > Checking for W+x mappings
> > 0x81755000-0x8180 684K
On Thu, Oct 1, 2015 at 9:28 AM, Stephen Smalley wrote:
> Warn on any residual W+x mappings if X86_PTDUMP is enabled.
>
> Sample dmesg output:
> Checking for W+x mappings
> 0x81755000-0x8180 684K RW GLB
> x pte
> Found W+x mappings. Please fix.
>
>
Warn on any residual W+x mappings if X86_PTDUMP is enabled.
Sample dmesg output:
Checking for W+x mappings
0x81755000-0x8180 684K RW GLB x
pte
Found W+x mappings. Please fix.
Signed-off-by: Stephen Smalley
---
Not sure if this is the best place
8 matches
Mail list logo
