Re: [PATCH] audit: create explicit AUDIT_SECCOMP event type

2012-11-26 Thread Kees Cook
On Mon, Nov 26, 2012 at 6:14 AM, Steve Grubb wrote: > On Monday, November 19, 2012 01:56:53 PM Kees Cook wrote: >> The seccomp path was using AUDIT_ANOM_ABEND from when seccomp mode 1 >> could only kill a process. While we still want to make sure an audit >> record is f

[PATCH] audit: fix event coverage of AUDIT_ANOM_LINK

2012-11-28 Thread Kees Cook
nformation, not process information). Reported-by: Steve Grubb Signed-off-by: Kees Cook --- include/linux/audit.h | 16 ++- kernel/audit.c| 247 -- kernel/audit.h| 157 ++ kernel/audits

[PATCH v2] audit: create explicit AUDIT_SECCOMP event type

2012-11-28 Thread Kees Cook
vger.kernel.org Signed-off-by: Kees Cook Acked-by: Steve Grubb --- v2: - update commit message and add Cc to stable, suggested by Steve Grubb --- include/linux/audit.h |3 ++- include/uapi/linux/audit.h |1 + kernel/auditsc.c | 14 +++--- 3 files changed, 14 i

[PATCH] net/irda: add missing error path release_sock call

2013-03-20 Thread Kees Cook
This makes sure that release_sock is called for all error conditions in irda_getsockopt. Signed-off-by: Kees Cook Reported-by: Brad Spengler Cc: sta...@vger.kernel.org --- net/irda/af_irda.c |6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/net/irda/af_irda.c b/net

Re: [PATCH] kernel: arg2 is unsigned long which is never < 0

2013-02-06 Thread Kees Cook
d. These weren't used anywhere in the kernel, so I didn't see them. > in patch abf75a5033d4da7b8a7e92321d74021d1fcfb502 > Signed-of-by Marcel Holtmann in 2006. > find and fix a security issue for it. > > > branch 2: > > #define SUID_DUMPABL

[PATCH] remove redundant defines for dumpable states

2013-02-06 Thread Kees Cook
edford Cc: Serge Hallyn Cc: James Morris Cc: Andrew Morton Signed-off-by: Kees Cook --- fs/coredump.c |2 +- fs/exec.c | 10 +- fs/proc/internal.h|3 ++- include/linux/sched.h |5 - kernel/sysctl.c |2 +- 5 files changed, 9 inserti

[PATCH] x86: do not leak kernel page mapping locations

2013-02-07 Thread Kees Cook
more realistic expectation, and unobfuscate the setting of the PF_PROT bit to improve readability. [1] http://vulnfactory.org/blog/2013/02/06/a-linux-memory-trick/ Reported-by: Dan Rosenberg Suggested-by: Brad Spengler Cc: sta...@vger.kernel.org Signed-off-by: Kees Cook --- arch/x86/mm/fault.c

[PATCH] tcp: sysctl to disable TCP simultaneous connect

2013-02-07 Thread Kees Cook
t_connect $ echo ohai | nc -w 1 -p 5 localhost 5 -v -v -v Connection to localhost 5 port [tcp/*] succeeded! ohai [1] http://thread.gmane.org/gmane.linux.network/107971 Cc: Willy Tarreau Signed-off-by: Kees Cook --- Documentation/networking/ip-sysctl.txt | 17 + i

Re: [PATCH] tcp: sysctl to disable TCP simultaneous connect

2013-02-07 Thread Kees Cook
On Thu, Feb 7, 2013 at 10:39 AM, Stephen Hemminger wrote: > On Thu, 7 Feb 2013 09:52:40 -0800 > Kees Cook wrote: > >> This is based on Willy Tarreau's patch from 2008[1]. The goal is to >> close a corner-case of TCP that isn't used and poses a small DoS risk. >

[PATCH] x86: Lock down MSR writing in secure boot

2013-02-08 Thread Kees Cook
Writing to MSRs should not be allowed unless CAP_COMPROMISE_KERNEL is set since it could lead to execution of arbitrary code in kernel mode. Signed-off-by: Kees Cook --- This would be used on top of Matthew Garrett's existing "Secure boot policy support" patch series. --- arch/x

Re: [PATCH] x86: Lock down MSR writing in secure boot

2013-02-08 Thread Kees Cook
No. CAP_RAWIO is for reading. Writing needs a much stronger check. -Kees On Fri, Feb 8, 2013 at 11:17 AM, H. Peter Anvin wrote: > We already have CAP_RAWIO for this in mainline; I am not sure if this should > be harder than that... > > Kees Cook wrote: > >>Writing

Re: [PATCH] x86: Lock down MSR writing in secure boot

2013-02-08 Thread Kees Cook
On Fri, Feb 8, 2013 at 11:17 AM, Matthew Garrett wrote: > On Fri, 2013-02-08 at 11:12 -0800, Kees Cook wrote: >> Writing to MSRs should not be allowed unless CAP_COMPROMISE_KERNEL is >> set since it could lead to execution of arbitrary code in kernel mode. > > Willing to buy

Re: [PATCH] x86: Lock down MSR writing in secure boot

2013-02-08 Thread Kees Cook
On Fri, Feb 8, 2013 at 11:42 AM, H. Peter Anvin wrote: > On 02/08/2013 11:18 AM, Kees Cook wrote: >> >> No. CAP_RAWIO is for reading. Writing needs a much stronger check. > > If so, I suspect we need to do this for *all* raw I/O... but I keep > wondering how much more sen

Re: [PATCH] x86: Lock down MSR writing in secure boot

2013-02-08 Thread Kees Cook
n't the right way to go, I'm not sure. I'll leave that to Matthew. Whatever the flag, it should be an immutable state of the boot. Though, it probably makes sense as a cap just so that non-secure-boot systems can still remove it from containers, etc. -Kees > Kees Cook wrote: > >

Re: [PATCH] x86: Lock down MSR writing in secure boot

2013-02-08 Thread Kees Cook
On Fri, Feb 8, 2013 at 12:34 PM, Matthew Garrett wrote: > On Fri, 2013-02-08 at 12:28 -0800, Kees Cook wrote: > >> Maybe a capability isn't the right way to go, I'm not sure. I'll leave >> that to Matthew. Whatever the flag, it should be an immutable state of

Re: [PATCH] x86: Lock down MSR writing in secure boot

2013-02-08 Thread Kees Cook
t; want to support under Secure Boot, but that breaks some other use cases. Also, _reading_ MSRs from userspace arguably has utility that doesn't compromise ring-0. So excluding the driver entirely seems like overkill. -Kees -- Kees Cook Chrome OS Security -- To unsubscribe from this list: sen

Re: [PATCH] x86: Lock down MSR writing in secure boot

2013-02-09 Thread Kees Cook
On Sat, Feb 9, 2013 at 1:29 AM, Borislav Petkov wrote: > On Fri, Feb 08, 2013 at 10:45:35PM -0800, Kees Cook wrote: >> Also, _reading_ MSRs from userspace arguably has utility that doesn't >> compromise ring-0. > > And to come back to the original question: what is that

Re: [PATCH] pstore: Create a convenient mount point for pstore

2013-02-11 Thread Kees Cook
> still work, we can create a persistent mount point in sysfs. This will > put pstore on par with things like cgroups and efivarfs. > > Signed-off-by: Josh Boyer Acked-by: Kees Cook -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux

[PATCH 0/3] kernel ASLR

2013-04-04 Thread Kees Cook
Hello, This patch series implements per-boot kernel base offset ASLR. It is based on work by Dan Rosenberg, Neill Clift, Michael Davidson, and myself. Since Dan's original thread[1], this code has been improved to work on 64-bit, among other things. This is presently in use at Google, and is bein

[PATCH 2/3] x86: build reloc tool for both 64 and 32 bit

2013-04-04 Thread Kees Cook
based on work by Neill Clift and Michael Davidson. Signed-off-by: Kees Cook Cc: Eric Northup --- arch/x86/boot/compressed/Makefile |2 +- arch/x86/realmode/rm/Makefile |2 +- arch/x86/tools/.gitignore |3 +- arch/x86/tools/Makefile | 14 +- arch/x86/tools

[PATCH 1/3] x86: routines to choose random kernel base offset

2013-04-04 Thread Kees Cook
This provides routines for selecting a randomized kernel base offset, bounded by e820 details. It tries to use RDRAND and falls back to RDTSC. If "noaslr" is on the kernel command line, no offset will be used. Heavily based on work by Dan Rosenberg and Neill Clift. Signed-off-by: Kee

[PATCH 3/3] x86: kernel base offset ASLR

2013-04-04 Thread Kees Cook
.org/sites/default/files/Practical%20Timing%20Side%20Channel%20Attacks%20Against%20Kernel%20Space%20ASLR.pdf [2] http://forums.grsecurity.net/viewtopic.php?f=7&t=3367 [3] http://lkml.indiana.edu/hypermail/linux/kernel/1105.3/index.html#00520 Signed-off-by: Kees Cook Cc: Eric Northup --- Docume

Re: [PATCH 3/3] x86: kernel base offset ASLR

2013-04-04 Thread Kees Cook
On Thu, Apr 4, 2013 at 1:12 PM, H. Peter Anvin wrote: > On 04/04/2013 01:07 PM, Kees Cook wrote: >> However, the benefits of >> this feature in certain environments exceed the perceived weaknesses[2]. > > Could you clarify? I would summarize the discussion of KASLR weaknesse

Re: [PATCH 3/3] x86: kernel base offset ASLR

2013-04-04 Thread Kees Cook
es, which is a huge blip on any radar. :) -Kees > > Kees Cook wrote: > >>On Thu, Apr 4, 2013 at 1:12 PM, H. Peter Anvin wrote: >>> On 04/04/2013 01:07 PM, Kees Cook wrote: >>>> However, the benefits of >>>> this feature in certain environment

Re: [PATCH 3/3] x86: kernel base offset ASLR

2013-04-04 Thread Kees Cook
et, but it dramatically changes the landscape of what kinds of attacks can be used. -Kees On Thu, Apr 4, 2013 at 2:01 PM, H. Peter Anvin wrote: > What system monitoring? Most systems don't have much... > > Kees Cook wrote: > >>On Thu, Apr 4, 2013 at 1:58 PM, H. Peter Anvin wrote

Re: [PATCH 3/3] x86: kernel base offset ASLR

2013-04-05 Thread Kees Cook
ffset_notifier); But of course, this can get improved. -Kees -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/

[PATCH] vxlan: remove depends on CONFIG_EXPERIMENTAL

2013-02-22 Thread Kees Cook
The CONFIG_EXPERIMENTAL config item has not carried much meaning for a while now and is almost always enabled by default. As agreed during the Linux kernel summit, remove it from any "depends on" lines in Kconfigs. Signed-off-by: Kees Cook Cc: Stephen Hemminger Cc: David S. Miller --

[PATCH] arch/x86/xen: remove depends on CONFIG_EXPERIMENTAL

2013-02-22 Thread Kees Cook
The CONFIG_EXPERIMENTAL config item has not carried much meaning for a while now and is almost always enabled by default. As agreed during the Linux kernel summit, remove it from any "depends on" lines in Kconfigs. Signed-off-by: Kees Cook Cc: Stefano Stabellini Cc: Mukesh Rathor

[PATCH] drivers/vhost: remove depends on CONFIG_EXPERIMENTAL

2013-02-22 Thread Kees Cook
The CONFIG_EXPERIMENTAL config item has not carried much meaning for a while now and is almost always enabled by default. As agreed during the Linux kernel summit, remove it from any "depends on" lines in Kconfigs. Signed-off-by: Kees Cook Cc: David S. Miller Cc: Asias He Cc:

[PATCH] drivers/vfio: remove depends on CONFIG_EXPERIMENTAL

2013-02-22 Thread Kees Cook
The CONFIG_EXPERIMENTAL config item has not carried much meaning for a while now and is almost always enabled by default. As agreed during the Linux kernel summit, remove it from any "depends on" lines in Kconfigs. Signed-off-by: Kees Cook Cc: Alex Williamson --- drivers/vfio/p

[PATCH] md/raid456: remove depends on CONFIG_EXPERIMENTAL

2013-02-22 Thread Kees Cook
The CONFIG_EXPERIMENTAL config item has not carried much meaning for a while now and is almost always enabled by default. As agreed during the Linux kernel summit, remove it from any "depends on" lines in Kconfigs. Signed-off-by: Kees Cook Cc: Arjan van de Ven Cc: Dan Williams Cc:

Re: [PATCH] arch/x86/xen: remove depends on CONFIG_EXPERIMENTAL

2013-02-23 Thread Kees Cook
On Sat, Feb 23, 2013 at 3:59 AM, Dongsheng Song wrote: > On Sat, Feb 23, 2013 at 3:29 PM, Kees Cook wrote: >> >> The CONFIG_EXPERIMENTAL config item has not carried much meaning for a >> while now and is almost always enabled by default. As agreed during the >> Lin

[PATCH] proc connector: reject unprivileged listener bumps

2013-02-25 Thread Kees Cook
While PROC_CN_MCAST_LISTEN/IGNORE is entirely advisory, it was possible for an unprivileged user to turn off notifications for all listeners by sending PROC_CN_MCAST_IGNORE. Instead, require the same privileges as required for a multicast bind. Signed-off-by: Kees Cook Cc: Evgeniy Polyakov Cc

Re: [PATCH] md/raid456: remove depends on CONFIG_EXPERIMENTAL

2013-02-26 Thread Kees Cook
On Tue, Feb 26, 2013 at 5:27 PM, Dan Williams wrote: > On Fri, Feb 22, 2013 at 11:40 PM, Kees Cook wrote: >> The CONFIG_EXPERIMENTAL config item has not carried much meaning for a >> while now and is almost always enabled by default. As agreed during the >> Linux kernel s

Re: [PATCH] kmsg: Honor dmesg_restrict sysctl on /dev/kmsg

2013-02-27 Thread Kees Cook
return err; And going forward we should probably think about dropping the CAP_SYS_ADMIN backward-compat code in check_syslog_permissions. > /* write-only does not need any file context */ > if ((file->f_flags & O_ACCMODE) == O_WRONLY) > return 0; -Kees -- K

Re: [PATCH] kmsg: Honor dmesg_restrict sysctl on /dev/kmsg

2013-02-27 Thread Kees Cook
s. Actually, are the security_syslog() checks in /dev/kmsg correct? There is only one used in devkmsg_open which uses SYSLOG_ACTION_READ_ALL. Shouldn't it be using SYSLOG_ACTION_OPEN? And have SYSLOG_ACTION_READ_ALL added to devkmsg_read? (And should we add one for write?) -Kees -- Ke

Re: [PATCH] kmsg: Honor dmesg_restrict sysctl on /dev/kmsg

2013-02-27 Thread Kees Cook
On Wed, Feb 27, 2013 at 10:01 AM, Josh Boyer wrote: > On Wed, Feb 27, 2013 at 09:54:27AM -0800, Kees Cook wrote: >> On Fri, Feb 22, 2013 at 01:18:57PM -0500, Josh Boyer wrote: >> > Originally, the addition of dmesg_restrict covered both the syslog >> > method of acces

Re: [PATCH] kmsg: Honor dmesg_restrict sysctl on /dev/kmsg

2013-02-27 Thread Kees Cook
PERM; >> } >> - return 0; >> +ok: >> + return security_syslog(type); >> } >> >> #if defined(CONFIG_PRINTK_TIME) >> @@ -1133,10 +1134,6 @@ int do_syslog(int type, char __user *buf, int len, >> bool from_file) >> if (error) >

[PATCH] eCryptfs: allow userspace messaging to be disabled

2013-02-27 Thread Kees Cook
When the userspace messaging (for the less common case of userspace key wrap/unwrap via ecryptfsd) is not needed, allow eCryptfs to build with it removed. This saves on kernel code size and reduces potential attack surface by removing the /dev/ecryptfs node. Signed-off-by: Kees Cook Cc: Tyler

[PATCH v2] eCryptfs: allow userspace messaging to be disabled

2013-02-28 Thread Kees Cook
When the userspace messaging (for the less common case of userspace key wrap/unwrap via ecryptfsd) is not needed, allow eCryptfs to build with it removed. This saves on kernel code size and reduces potential attack surface by removing the /dev/ecryptfs node. Signed-off-by: Kees Cook Cc: Tyler

[PATCH v2] arch/x86/xen: remove depends on CONFIG_EXPERIMENTAL

2013-02-28 Thread Kees Cook
The CONFIG_EXPERIMENTAL config item has not carried much meaning for a while now and is almost always enabled by default. As agreed during the Linux kernel summit, remove it from any "depends on" lines in Kconfigs. Signed-off-by: Kees Cook Cc: Stefano Stabellini Cc: Mukesh Rathor

Re: [PATCH v2] arch/x86/xen: remove depends on CONFIG_EXPERIMENTAL

2013-02-28 Thread Kees Cook
On Thu, Feb 28, 2013 at 2:53 PM, Stefano Stabellini wrote: > On Thu, 28 Feb 2013, Kees Cook wrote: >> The CONFIG_EXPERIMENTAL config item has not carried much meaning for a >> while now and is almost always enabled by default. As agreed during the >> Linux kernel summi

CLONE_NEWUSER|CLONE_FS root exploit

2013-03-13 Thread Kees Cook
- SuSE Security Team - End forwarded message - -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.htm

Re: [PATCH] fs: Don't compile in drop_caches.c when CONFIG_SYSCTL=n

2013-03-13 Thread Kees Cook
On Wed, Mar 13, 2013 at 4:14 PM, Josh Triplett wrote: > drop_caches.c provides code only invokable via sysctl, so don't compile > it in when CONFIG_SYSCTL=n. > > Signed-off-by: Josh Triplett Seems reasonable to me. Acked-by: Kees Cook -- Kees Cook Chrome OS Security -- To

Re: [PATCH v3] drm/i915: bounds check execbuffer relocation count

2013-03-14 Thread Kees Cook
On Thu, Mar 14, 2013 at 9:57 AM, Daniel Vetter wrote: > On Wed, Mar 13, 2013 at 9:28 PM, Daniel Vetter wrote: >> On Tue, Mar 12, 2013 at 09:07:46AM +, Chris Wilson wrote: >>> On Mon, Mar 11, 2013 at 05:31:45PM -0700, Kees Cook wrote: >>> > It is possible to wra

Re: [PATCH] seccomp: allow BPF_XOR based ALU instructions.

2013-03-15 Thread Kees Cook
On Fri, Mar 15, 2013 at 10:02 AM, Nicolas Schichan wrote: > > Signed-off-by: Nicolas Schichan Ah, good catch. Thanks! Acked-by: Kees Cook -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a m

Re: [PATCH RFC 1/3] seccomp: add generic code for jitted seccomp filters.

2013-03-15 Thread Kees Cook
p_attach_filter(struct sock_fprog > *fprog) > if (ret) > goto fail; > > + filter->bpf_func = sk_run_filter; > + seccomp_jit_compile(filter); > + > /* > * If there is an existing filter, make it the prev and don'

Re: [PATCH RFC 1/3] seccomp: add generic code for jitted seccomp filters.

2013-03-15 Thread Kees Cook
On Fri, Mar 15, 2013 at 12:10 PM, Nicolas Schichan wrote: > On 03/15/2013 07:45 PM, Kees Cook wrote: >> >> On Fri, Mar 15, 2013 at 11:28 AM, Nicolas Schichan >> wrote: >>> >>> +/** >>> + * struct seccomp_filter - container for seccomp BPF pro

Re: [PATCH] checkpatch: stop checking for CONFIG_EXPERIMENTAL

2013-03-16 Thread Kees Cook
ver pops up again it can be caught when someone feels > like cleaning up invalid Kconfig symbols and macros again. Hrm, I actually think it would be better to change this to ERROR instead of WARN. -Kees -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubsc

Re: Hardening debugfs (Was Re: [PATCH] debugfs: more tightly restrict default mount mode)

2012-08-28 Thread Kees Cook
On Tue, Aug 28, 2012 at 10:09 AM, Greg Kroah-Hartman wrote: > On Tue, Aug 28, 2012 at 10:41:10AM -0400, Theodore Ts'o wrote: >> On Mon, Aug 27, 2012 at 01:32:15PM -0700, Kees Cook wrote: >> > Since the debugfs is mostly only used by root, make the default mount >> &g

[PATCH 2/2] security: introduce kernel_module_from_file hook

2012-08-29 Thread Kees Cook
Now that kernel module origins can be reasoned about, provide a hook to the LSMs to make policy decisions about the module file. Signed-off-by: Kees Cook --- include/linux/security.h | 11 +++ kernel/module.c |7 +++ security/capability.c|6 ++ security

[PATCH 1/2] module: allow loading module from fd

2012-08-29 Thread Kees Cook
the fd argument style can trivially downgrade to the blob argument style when they see an EFAULT error. Signed-off-by: Kees Cook --- kernel/module.c | 97 +-- 1 files changed, 87 insertions(+), 10 deletions(-) diff --git a/kernel/module.c b

[PATCH] security: unconditionally call Yama

2012-08-31 Thread Kees Cook
. Signed-off-by: Kees Cook --- include/linux/security.h | 31 +++ security/Kconfig |5 - security/security.c | 13 + security/yama/yama_lsm.c | 14 -- 4 files changed, 48 insertions(+), 15 deletions(-) diff --git a/include

Re: [PATCH] security: unconditionally call Yama

2012-08-31 Thread Kees Cook
os use (or want to use) Yama, I think that's reason enough for this. I think it's important for us to take a practical approach here, and having the big LSMs each hook Yama instead of doing this in a single global place will make it needlessly duplicated code. -Kees -- Kees Cook C

[PATCH] security: allow Yama to be unconditionally stacked

2012-09-04 Thread Kees Cook
patches, just allow Yama to be called unconditionally when selected by the new CONFIG. Signed-off-by: Kees Cook --- include/linux/security.h | 31 +++ security/security.c | 21 + security/yama/Kconfig|8 security/yama

Re: [PATCH 1/2] module: add syscall to load module from fd

2012-09-12 Thread Kees Cook
On Wed, Sep 12, 2012 at 12:34 AM, Rusty Russell wrote: > "H. Peter Anvin" writes: > >> On 09/06/2012 11:13 AM, Kees Cook wrote: >>> Instead of (or in addition to) kernel module signing, being able to reason >>> about the origin of a kernel module would b

[PATCH] module: report -EFAULT on bytes remaining

2012-09-12 Thread Kees Cook
-EFAULT when err != 0). Reported-by: Fengguang Wu Signed-off-by: Kees Cook --- This change is on top of the finit_module patch series. --- kernel/module.c |5 - 1 files changed, 4 insertions(+), 1 deletions(-) diff --git a/kernel/module.c b/kernel/module.c index 0ad03c4..05b8dde 100644

[PATCH v2] module: report -EFAULT on bytes remaining

2012-09-12 Thread Kees Cook
Caught by smatch: kernel/module.c:2450 copy_module_from_user() warn: maybe return -EFAULT instead of the bytes remaining? Fix the check of copy_from_user() to report -EFAULT as was done before. Reported-by: Fengguang Wu Signed-off-by: Kees Cook --- Should be applied on top of the finit_module

[PATCH] make CONFIG_EXPERIMENTAL invisible and default

2012-10-02 Thread Kees Cook
be dropped entirely. CC: Greg KH CC: "Eric W. Biederman" CC: Serge Hallyn CC: "Paul E. McKenney" CC: Andrew Morton CC: Frederic Weisbecker Signed-off-by: Kees Cook --- This is the first of a series of 202 patches removing EXPERIMENTAL from all the Kconfigs in the tree. Sh

Re: [PATCH] hardening: add PROT_FINAL prot flag to mmap/mprotect

2012-10-02 Thread Kees Cook
embedded system) tries to set it > on the first mmap invocation, and stops trying if it fails. Not the > most elegant approach, I know ... Actually, that seems easiest. Has there been any more progress on this patch over-all? -Kees -- Kees Cook Chrome OS Security -- To unsubscribe

Re: [PATCH] hardening: add PROT_FINAL prot flag to mmap/mprotect

2012-10-02 Thread Kees Cook
On Tue, Oct 2, 2012 at 2:41 PM, Ard Biesheuvel wrote: > 2012/10/2 Kees Cook : >>> If desired, additional restrictions can be imposed by using the >>> security framework, e.g,, disallow non-final r-x mappings. >> >> Interesting; what kind of interface did you hav

[PATCH] mm: use %pK for /proc/vmallocinfo

2012-10-02 Thread Kees Cook
In the paranoid case of sysctl kernel.kptr_restrict=2, mask the kernel virtual addresses in /proc/vmallocinfo too. Reported-by: Brad Spengler Signed-off-by: Kees Cook --- mm/vmalloc.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/vmalloc.c b/mm/vmalloc.c index

Re: [PATCH] mm: use %pK for /proc/vmallocinfo

2012-10-02 Thread Kees Cook
On Tue, Oct 2, 2012 at 10:12 PM, David Rientjes wrote: > On Tue, 2 Oct 2012, Kees Cook wrote: > >> In the paranoid case of sysctl kernel.kptr_restrict=2, mask the kernel >> virtual addresses in /proc/vmallocinfo too. >> >> Reported-by: Brad Spengler >>

Re: [PATCH] mm: use %pK for /proc/vmallocinfo

2012-10-03 Thread Kees Cook
On Tue, Oct 2, 2012 at 10:37 PM, David Rientjes wrote: > On Tue, 2 Oct 2012, Kees Cook wrote: > >> >> In the paranoid case of sysctl kernel.kptr_restrict=2, mask the kernel >> >> virtual addresses in /proc/vmallocinfo too. >> >> >> >> Repo

Re: [PATCH] make CONFIG_EXPERIMENTAL invisible and default

2012-10-03 Thread Kees Cook
On Wed, Oct 3, 2012 at 6:25 AM, Paul E. McKenney wrote: > On Tue, Oct 02, 2012 at 12:50:42PM -0700, Kees Cook wrote: >> This config item has not carried much meaning for a while now and is >> almost always enabled by default. As agreed during the Linux kernel >> summit, it sh

Re: Updated: [PATCH] hardening: add PROT_FINAL prot flag to mmap/mprotect

2012-10-03 Thread Kees Cook
utable code or data sections read-write. > > Signed-off-by: Ard Biesheuvel Reviewed-by: Kees Cook If it wasn't clear before, I like this idea. :) -Kees -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body o

Re: [PATCH] mm: use %pK for /proc/vmallocinfo

2012-10-03 Thread Kees Cook
On Wed, Oct 3, 2012 at 11:02 AM, David Rientjes wrote: > On Wed, 3 Oct 2012, Kees Cook wrote: > >> > So root does echo 0 > /proc/sys/kernel/kptr_restrict first. Again: what >> > are you trying to protect? >> >> Only CAP_SYS_ADMIN can change the setting.

Re: [PATCH] make CONFIG_EXPERIMENTAL invisible and default

2012-10-03 Thread Kees Cook
On Wed, Oct 3, 2012 at 9:47 AM, Paul E. McKenney wrote: > On Wed, Oct 03, 2012 at 09:17:02AM -0700, Greg Kroah-Hartman wrote: >> On Wed, Oct 03, 2012 at 06:25:38AM -0700, Paul E. McKenney wrote: >> > On Tue, Oct 02, 2012 at 12:50:42PM -0700, Kees Cook wrote: >> >

Re: Linux 3.6

2012-10-03 Thread Kees Cook
://www.elliptictech.com/) > > -- > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in > the body of a message to majord...@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > Please read the FAQ at http://www.tux.

Re: Linux 3.6

2012-10-03 Thread Kees Cook
On Wed, Oct 03, 2012 at 04:41:41PM -0400, Theodore Ts'o wrote: > On Wed, Oct 03, 2012 at 01:29:15PM -0700, Linus Torvalds wrote: > > On Wed, Oct 3, 2012 at 1:05 PM, Kees Cook wrote: > > > > > > 3.6 introduced link restrictions: > > > > Hmm. If this c

Re: Linux 3.6

2012-10-03 Thread Kees Cook
On Wed, Oct 03, 2012 at 01:54:21PM -0700, Linus Torvalds wrote: > On Wed, Oct 3, 2012 at 1:49 PM, Kees Cook wrote: > > > > I think the benefits of this being on by default outweigh glitches > > like this. Based on Nick's email, it looks like a directory tree of his >

Re: Linux 3.6

2012-10-03 Thread Kees Cook
boot until sysctls > > get set. > > If your early boot code trusts a random writeable user directory I think > you have other problems. You should see some of the things various Android devices do! :) -Kees -- Kees Cook@outflux.net -- To uns

Re: Updated: [PATCH] hardening: add PROT_FINAL prot flag to mmap/mprotect

2012-10-03 Thread Kees Cook
ich is at the request of the process) and gets in the way of things like Java that expect to be able to do w+x mappings. > It sounds as though the PaX developers could provide useful review > input on this proposal. Do they know about it? If so, what is their > position? I'd rather no

Re: [PATCH 1/4] module: add syscall to load module from fd

2012-10-03 Thread Kees Cook
On Thu, Sep 20, 2012 at 3:14 PM, Kees Cook wrote: > As part of the effort to create a stronger boundary between root and > kernel, Chrome OS wants to be able to enforce that kernel modules are > being loaded only from our read-only crypto-hash verified (dm_verity) > root filesyste

Re: make CONFIG_EXPERIMENTAL invisible and default

2012-10-03 Thread Kees Cook
On Wed, Oct 3, 2012 at 4:29 PM, Guenter Roeck wrote: > On Tue, Oct 02, 2012 at 07:50:42PM -0000, Kees Cook wrote: >> This config item has not carried much meaning for a while now and is >> almost always enabled by default. As agreed during the Linux kernel >> summit, it sh

Re: Linux 3.6

2012-10-04 Thread Kees Cook
On Thu, Oct 04, 2012 at 09:35:04AM -0400, Nick Bowler wrote: > On 2012-10-03 13:54 -0700, Linus Torvalds wrote: > > On Wed, Oct 3, 2012 at 1:49 PM, Kees Cook wrote: > > > I think the benefits of this being on by default outweigh glitches > > > like this. Based on Ni

Re: Linux 3.6

2012-10-04 Thread Kees Cook
On Thu, Oct 04, 2012 at 12:03:54PM -0400, Nick Bowler wrote: > On 2012-10-04 08:49 -0700, Kees Cook wrote: > > On Thu, Oct 04, 2012 at 09:35:04AM -0400, Nick Bowler wrote: > > > On 2012-10-03 13:54 -0700, Linus Torvalds wrote: > > > > On Wed, Oct 3, 2012 at 1:49 PM,

[PATCH v5] module: add syscall to load module from fd

2012-10-04 Thread Kees Cook
Hi, This is a rebase onto Rusty's module-next tree. The syscall number additions show the expected changes that are living in linux-next already, just to avoid horrible collisions there. I would _really_ like this to get into the 3.7 window, if possible. It's gotten lots of support, and I think i

[PATCH 4/4] add finit_module syscall to asm-generic

2012-10-04 Thread Kees Cook
This adds the finit_module syscall to the generic syscall list. Signed-off-by: Kees Cook Acked-by: Arnd Bergmann --- include/asm-generic/unistd.h |6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/include/asm-generic/unistd.h b/include/asm-generic/unistd.h index

[PATCH 3/4] ARM: add finit_module syscall to ARM

2012-10-04 Thread Kees Cook
Add finit_module syscall to the ARM syscall list. Signed-off-by: Kees Cook Cc: Russell King --- arch/arm/include/asm/unistd.h |2 ++ arch/arm/kernel/calls.S |2 ++ 2 files changed, 4 insertions(+) diff --git a/arch/arm/include/asm/unistd.h b/arch/arm/include/asm/unistd.h index

[PATCH 1/4] module: add syscall to load module from fd

2012-10-04 Thread Kees Cook
e contents of the module. This introduces a new syscall (on x86), similar to init_module, that has only two arguments. The first argument is used as a file descriptor to the module and the second argument is a pointer to the NULL terminated string of module arguments. Signed-off-by: Kees Cook

[PATCH 2/4] security: introduce kernel_module_from_file hook

2012-10-04 Thread Kees Cook
attributes for signatures, etc. Signed-off-by: Kees Cook Acked-by: Serge E. Hallyn Acked-by: Eric Paris Acked-by: Mimi Zohar --- include/linux/security.h | 13 + kernel/module.c | 11 +++ security/capability.c|6 ++ security/security.c |5

Re: [PATCH 1/4] module: add syscall to load module from fd

2012-10-04 Thread Kees Cook
On Wed, Oct 3, 2012 at 10:39 PM, Rusty Russell wrote: > Kees Cook writes: > >> On Thu, Sep 20, 2012 at 3:14 PM, Kees Cook wrote: >>> As part of the effort to create a stronger boundary between root and >>> kernel, Chrome OS wants to be able to enforce that kerne

Re: [PATCH] fs: prevent use after free in auditing when symlink following was denied

2012-10-04 Thread Kees Cook
> Signed-off-by: Sasha Levin Thanks for catching that! Cc: sta...@vger.kernel.org Acked-by: Kees Cook -- Kees Cook@outflux.net -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to major

Re: [PATCH 1/4] module: add syscall to load module from fd

2012-10-05 Thread Kees Cook
ep adding two days for every trivial issue which is found :( > > It's in my modules-wip branch for 3.8. Cool; better than not in at all. :) Thanks! -Kees -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a me

Re: [PATCH 1/4] module: add syscall to load module from fd

2012-10-22 Thread Kees Cook
't the syscall man pages in the kernel source? >> >> Thanks, >> Rusty. >> >> module: add flags arg to sys_finit_module() >> >> Thanks to Michael Kerrisk for keeping us honest. These flags are actually >> useful for eliminating the only case where kmod h

Re: [PATCH 1/4] module: add syscall to load module from fd

2012-10-23 Thread Kees Cook
On Mon, Oct 22, 2012 at 9:08 PM, Lucas De Marchi wrote: > On Tue, Oct 23, 2012 at 1:40 AM, Kees Cook wrote: >> On Mon, Oct 22, 2012 at 7:37 PM, Lucas De Marchi >> wrote: >>> On Mon, Oct 22, 2012 at 5:39 AM, Rusty Russell >>> wrote: >>>> "Mic

Re: [PATCH 01/26] pstore: allow for big files

2012-10-23 Thread Kees Cook
, persistent_ram_old(prz), *size); > > - return size; > + return 0; > } > > static size_t ramoops_write_kmsg_hdr(struct persistent_ram_zone *prz) > diff --git a/include/linux/pstore.h b/include/linux/pstore.h > index ee3034a..3a293ff 100644 > --- a/include/linux/psto

Re: [PATCH 03/26] pstore: add flush

2012-10-23 Thread Kees Cook
On Tue, Oct 23, 2012 at 6:48 AM, Irina Tirdea wrote: > From: Adrian Hunter > > Let the back end know when writing has finished by adding a flush method. > > Signed-off-by: Adrian Hunter > Signed-off-by: Irina Tirdea Acked-by: Kees Cook -Kees -- Kees Cook Chrome

Re: [PATCH 02/26] pstore: add flags

2012-10-23 Thread Kees Cook
_bytes to ULONG_MAX > > Signed-off-by: Adrian Hunter > Signed-off-by: Irina Tirdea Either way, this patch looks logically fine to me. -Kees -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to

[PATCH 000/193] remove CONFIG_EXPERIMENTAL

2012-10-23 Thread Kees Cook
This config item has not carried much meaning for a while now and is almost always enabled by default (especially in distro builds). As agreed during the Linux kernel summit, it should be removed. As such, this is the patch series for removing CONFIG_EXPERIMENTAL, with the hopes of all the variou

[PATCH 005/193] Documentation/networking: remove CONFIG_EXPERIMENTAL

2012-10-23 Thread Kees Cook
This config item has not carried much meaning for a while now and is almost always enabled by default. As agreed during the Linux kernel summit, remove it. CC: Rob Landley Signed-off-by: Kees Cook --- Documentation/networking/cs89x0.txt |8 +++- 1 file changed, 3 insertions(+), 5

[PATCH 045/193] drivers/gpu/drm/cirrus: remove CONFIG_EXPERIMENTAL

2012-10-23 Thread Kees Cook
This config item has not carried much meaning for a while now and is almost always enabled by default. As agreed during the Linux kernel summit, remove it. CC: David Airlie CC: Dave Airlie CC: Adam Jackson Signed-off-by: Kees Cook --- drivers/gpu/drm/cirrus/Kconfig |2 +- 1 file changed

[PATCH 151/193] fs/nfsd: remove CONFIG_EXPERIMENTAL

2012-10-23 Thread Kees Cook
This config item has not carried much meaning for a while now and is almost always enabled by default. As agreed during the Linux kernel summit, remove it. CC: "J. Bruce Fields" Signed-off-by: Kees Cook --- fs/nfsd/Kconfig |4 ++-- 1 file changed, 2 insertions(+), 2 deletion

[PATCH 104/193] drivers/net/wireless/ipw2x00: remove CONFIG_EXPERIMENTAL

2012-10-23 Thread Kees Cook
This config item has not carried much meaning for a while now and is almost always enabled by default. As agreed during the Linux kernel summit, remove it. CC: Stanislav Yakovlev CC: "John W. Linville" Signed-off-by: Kees Cook --- drivers/net/wireless/ipw2x00/Kconfig |2 +- 1 fi

[PATCH 192/193] tools/lguest: remove CONFIG_EXPERIMENTAL

2012-10-23 Thread Kees Cook
This config item has not carried much meaning for a while now and is almost always enabled by default. As agreed during the Linux kernel summit, remove it. CC: Rusty Russell CC: Davidlohr Bueso Signed-off-by: Kees Cook --- tools/lguest/lguest.txt |8 ++-- 1 file changed, 2 insertions

[PATCH 121/193] drivers/scsi/arm: remove CONFIG_EXPERIMENTAL

2012-10-23 Thread Kees Cook
This config item has not carried much meaning for a while now and is almost always enabled by default. As agreed during the Linux kernel summit, remove it. CC: Russell King CC: "James E.J. Bottomley" Signed-off-by: Kees Cook --- drivers/scsi/arm/Kconfig | 10 +- 1 file

[PATCH 035/193] drivers/acpi: remove CONFIG_EXPERIMENTAL

2012-10-23 Thread Kees Cook
This config item has not carried much meaning for a while now and is almost always enabled by default. As agreed during the Linux kernel summit, remove it. CC: Len Brown Signed-off-by: Kees Cook --- drivers/acpi/Kconfig |9 +++-- 1 file changed, 3 insertions(+), 6 deletions(-) diff

[PATCH 120/193] drivers/scsi: remove CONFIG_EXPERIMENTAL

2012-10-23 Thread Kees Cook
This config item has not carried much meaning for a while now and is almost always enabled by default. As agreed during the Linux kernel summit, remove it. CC: "James E.J. Bottomley" Signed-off-by: Kees Cook --- drivers/scsi/Kconfig | 18 +- 1 file changed, 9 insert

[PATCH 173/193] net/mac80211: remove CONFIG_EXPERIMENTAL

2012-10-23 Thread Kees Cook
This config item has not carried much meaning for a while now and is almost always enabled by default. As agreed during the Linux kernel summit, remove it. CC: "John W. Linville" CC: Johannes Berg CC: "David S. Miller" Signed-off-by: Kees Cook --- net/mac80211/Kconf
