Re: [Xen-devel] [PATCH 4/3] x86/ldt: allow to disable modify_ldt at runtime

2015-07-27 Thread Willy Tarreau
On Mon, Jul 27, 2015 at 12:04:54PM -0700, Kees Cook wrote: > On Sat, Jul 25, 2015 at 6:03 AM, Willy Tarreau wrote: > > On Sat, Jul 25, 2015 at 09:50:52AM +0200, Willy Tarreau wrote: > >> On Fri, Jul 24, 2015 at 11:44:52PM -0700, Andy Lutomirski wrote: > >> > I'm all for it, but I think it should b

Re: [Xen-devel] [PATCH 4/3] x86/ldt: allow to disable modify_ldt at runtime

2015-07-27 Thread Kees Cook
On Sat, Jul 25, 2015 at 6:03 AM, Willy Tarreau wrote: > On Sat, Jul 25, 2015 at 09:50:52AM +0200, Willy Tarreau wrote: >> On Fri, Jul 24, 2015 at 11:44:52PM -0700, Andy Lutomirski wrote: >> > I'm all for it, but I think it should be hard-disablable in config, >> > too, for the -tiny people. >> >>

Re: [Xen-devel] [PATCH 4/3] x86/ldt: allow to disable modify_ldt at runtime

2015-07-25 Thread Willy Tarreau
On Sat, Jul 25, 2015 at 10:42:14AM -0700, Andy Lutomirski wrote: > On Sat, Jul 25, 2015 at 9:33 AM, Willy Tarreau wrote: > > On Sat, Jul 25, 2015 at 09:08:39AM -0700, Andy Lutomirski wrote: > >> There's one thing that I think is incomplete here. Currently, espfix > >> triggers if SS points to the

Re: [Xen-devel] [PATCH 4/3] x86/ldt: allow to disable modify_ldt at runtime

2015-07-25 Thread Andy Lutomirski
On Sat, Jul 25, 2015 at 9:33 AM, Willy Tarreau wrote: > On Sat, Jul 25, 2015 at 09:08:39AM -0700, Andy Lutomirski wrote: >> There's one thing that I think is incomplete here. Currently, espfix >> triggers if SS points to the LDT. It's possible for SS to point to >> the LDT even with modify_ldt d

Re: [Xen-devel] [PATCH 4/3] x86/ldt: allow to disable modify_ldt at runtime

2015-07-25 Thread Willy Tarreau
On Sat, Jul 25, 2015 at 09:08:39AM -0700, Andy Lutomirski wrote: > There's one thing that I think is incomplete here. Currently, espfix > triggers if SS points to the LDT. It's possible for SS to point to > the LDT even with modify_ldt disabled, and there's a decent amount of > attack surface the

Re: [Xen-devel] [PATCH 4/3] x86/ldt: allow to disable modify_ldt at runtime

2015-07-25 Thread Andy Lutomirski
On Sat, Jul 25, 2015 at 6:03 AM, Willy Tarreau wrote: > On Sat, Jul 25, 2015 at 09:50:52AM +0200, Willy Tarreau wrote: >> On Fri, Jul 24, 2015 at 11:44:52PM -0700, Andy Lutomirski wrote: >> > I'm all for it, but I think it should be hard-disablable in config, >> > too, for the -tiny people. >> >>

[Xen-devel] [PATCH 4/3] x86/ldt: allow to disable modify_ldt at runtime

2015-07-25 Thread Willy Tarreau
On Sat, Jul 25, 2015 at 09:50:52AM +0200, Willy Tarreau wrote: > On Fri, Jul 24, 2015 at 11:44:52PM -0700, Andy Lutomirski wrote: > > I'm all for it, but I think it should be hard-disablable in config, > > too, for the -tiny people. > > I totally agree. > > > If we add a runtime disable, let's do
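
The thread above is about whether modify_ldt(2) can be switched off as attack surface reduction, first at runtime and then hard-disabled in the kernel config. The following is an added example, not code from the patch or from any of the posters: a small C probe that tells you whether the modify_ldt syscall is actually reachable on the kernel you are running on. It calls modify_ldt with func 0 (read the current LDT), which needs no descriptor to be installed and returns the number of bytes read (0 for a process with no LDT). A kernel whose syscall table has no modify_ldt entry returns ENOSYS; it is assumed here that the runtime knob proposed in this thread makes the syscall fail the same way, and EPERM is treated as "refused by policy" (for example a seccomp filter). The enum names, the classify_ldt_probe helper and the buffer size are this example's own choices.

```c
// Added example: probe whether modify_ldt(2) is reachable on this kernel.
// Not from the patch or the thread; names and helpers are this example's own.
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>

enum ldt_state {
    LDT_AVAILABLE,   /* read of the LDT succeeded, syscall is live */
    LDT_DISABLED,    /* ENOSYS: not in the syscall table (config) or disabled at runtime (assumed) */
    LDT_BLOCKED,     /* EPERM: refused by a policy layer such as seccomp (assumption) */
    LDT_UNSUPPORTED, /* not an x86 Linux build: SYS_modify_ldt does not exist */
    LDT_UNKNOWN      /* some other errno; report it rather than guess */
};

/* Pure classifier over a raw syscall result so it can be unit tested
 * without depending on the kernel the tests happen to run on. */
enum ldt_state classify_ldt_probe(long ret, int err)
{
    if (ret >= 0)
        return LDT_AVAILABLE;  /* 0 bytes read simply means an empty LDT */
    if (err == ENOSYS)
        return LDT_DISABLED;
    if (err == EPERM)
        return LDT_BLOCKED;
    return LDT_UNKNOWN;
}

/* Issue modify_ldt(0, buf, size): func 0 reads the current LDT into buf.
 * No descriptor is written, so the probe has no side effects on the task. */
enum ldt_state probe_modify_ldt(void)
{
#ifdef SYS_modify_ldt
    unsigned char buf[8 * 8];  /* room for 8 descriptors of 8 bytes each */
    errno = 0;
    long ret = syscall(SYS_modify_ldt, 0, buf, sizeof buf);
    return classify_ldt_probe(ret, errno);
#else
    return LDT_UNSUPPORTED;
#endif
}

const char *ldt_state_name(enum ldt_state s)
{
    switch (s) {
    case LDT_AVAILABLE:   return "available";
    case LDT_DISABLED:    return "disabled";
    case LDT_BLOCKED:     return "blocked";
    case LDT_UNSUPPORTED: return "unsupported";
    default:              return "unknown";
    }
}

int main(void)
{
    int saved = 0;
    enum ldt_state s = probe_modify_ldt();
    saved = errno;
    printf("modify_ldt: %s", ldt_state_name(s));
    if (s == LDT_UNKNOWN)
        printf(" (errno %d: %s)", saved, strerror(saved));
    printf("\n");
    /* Exit 0 when the syscall is off, so this can gate a hardening check. */
    return s == LDT_AVAILABLE ? 1 : 0;
}
```

Run it as an unprivileged user on the box under test; "available" means a local attacker can still install LDT descriptors (and, as the thread points out, set SS to one of them), "disabled" means the syscall is out of reach regardless of the espfix question discussed above.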