linux-man.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Pavel Machek <pavel@ucw.cz>
To: David Howells <dhowells@redhat.com>
Cc: torvalds@linux-foundation.org, linux-man@vger.kernel.org,
	linux-api@vger.kernel.org, jmorris@namei.org,
	linux-kernel@vger.kernel.org,
	linux-security-module@vger.kernel.org
Subject: Re: [PATCH 02/24] Add a SysRq option to lift kernel lockdown
Date: Fri, 13 Apr 2018 22:22:23 +0200	[thread overview]
Message-ID: <20180413202222.GA4396@amd> (raw)
In-Reply-To: <152346389240.4030.11187964053014260180.stgit@warthog.procyon.org.uk>

[-- Attachment #1: Type: text/plain, Size: 1790 bytes --]

On Wed 2018-04-11 17:24:52, David Howells wrote:
> From: Kyle McMartin <kyle@redhat.com>
> 
> Make an option to provide a sysrq key that will lift the kernel lockdown,
> thereby allowing the running kernel image to be accessed and modified.
> 
> On x86 this is triggered with SysRq+x, but this key may not be available on
> all arches, so it is set by setting LOCKDOWN_LIFT_KEY in asm/setup.h.
> Since this macro must be defined in an arch to be able to use this facility
> for that arch, the Kconfig option is restricted to arches that support it.
> 
> Signed-off-by: Kyle McMartin <kyle@redhat.com>
> Signed-off-by: David Howells <dhowells@redhat.com>
> cc: x86@kernel.org

Is that good idea? Magic sysrq was meant for debugging, not for
toggling options like that. Distros are expected to turn it off.

It also works over serial consoles etc, being able to toggle security
options from serial is surprising...

> --- a/drivers/tty/sysrq.c
> +++ b/drivers/tty/sysrq.c
> @@ -487,6 +487,7 @@ static struct sysrq_key_op *sysrq_key_table[36] = {
>  	/* x: May be registered on mips for TLB dump */
>  	/* x: May be registered on ppc/powerpc for xmon */
>  	/* x: May be registered on sparc64 for global PMU dump */
> +	/* x: May be registered on x86_64 for disabling secure boot */
>  	NULL,				/* x */

What about x86-32?

> +static struct sysrq_key_op lockdown_lift_sysrq_op = {
> +	.handler	= sysrq_handle_lockdown_lift,
> +	.help_msg	= "unSB(x)",
> +	.action_msg	= "Disabling Secure Boot restrictions",
> +	.enable_mask	= SYSRQ_DISABLE_USERSPACE,
> +};

I'd remove secure boot mentions here.
								Pavel

-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

  parent reply	other threads:[~2018-04-13 20:22 UTC|newest]

Thread overview: 63+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-04-11 16:24 [PATCH 00/24] security: Add kernel lockdown David Howells
2018-04-11 16:24 ` [PATCH 01/24] Add the ability to lock down access to the running kernel image David Howells
2018-04-11 16:44   ` Jann Horn
2018-04-11 17:37   ` Randy Dunlap
2018-04-11 18:50     ` Miguel Ojeda
2018-04-11 19:56       ` Greg KH
2018-04-11 17:49   ` David Howells
2018-04-11 18:09   ` Linus Torvalds
2018-04-11 18:35     ` Justin Forbes
2018-04-11 21:05     ` Jordan Glover
2018-04-11 22:38       ` Linus Torvalds
2018-04-12 13:09         ` Justin Forbes
2018-04-12 16:52           ` Linus Torvalds
2018-04-12  2:57   ` Andy Lutomirski
2018-04-11 16:24 ` [PATCH 02/24] Add a SysRq option to lift kernel lockdown David Howells
2018-04-11 17:05   ` Jann Horn
2018-04-13 20:22   ` Pavel Machek [this message]
2018-04-11 16:24 ` [PATCH 03/24] ima: require secure_boot rules in lockdown mode David Howells
2018-04-11 16:25 ` [PATCH 04/24] Enforce module signatures if the kernel is locked down David Howells
2018-04-11 16:25 ` [PATCH 05/24] Restrict /dev/{mem, kmem, port} when " David Howells
2018-04-11 16:25 ` [PATCH 06/24] kexec_load: Disable at runtime if " David Howells
2018-04-11 19:00   ` Eric W. Biederman
2018-04-11 20:09     ` Mimi Zohar
2018-04-12 11:38       ` Mimi Zohar
2018-04-11 20:05   ` David Howells
2018-04-11 16:25 ` [PATCH 07/24] hibernate: Disable when " David Howells
2018-04-13 20:22   ` Pavel Machek
2018-04-19 14:38   ` David Howells
2018-04-22 14:34     ` Andy Lutomirski
2018-04-26  7:26     ` Pavel Machek
2018-04-26  7:34       ` Rafael J. Wysocki
2018-04-26  8:20       ` Jiri Kosina
2018-05-23  8:46         ` joeyli
2018-04-11 16:25 ` [PATCH 08/24] uswsusp: " David Howells
2018-04-11 16:25 ` [PATCH 09/24] PCI: Lock down BAR access " David Howells
2018-04-11 16:25 ` [PATCH 10/24] x86: Lock down IO port " David Howells
2018-04-11 16:25 ` [PATCH 11/24] x86/msr: Restrict MSR " David Howells
2018-04-11 16:25 ` [PATCH 12/24] ACPI: Limit access to custom_method " David Howells
2018-04-11 16:26 ` [PATCH 13/24] acpi: Ignore acpi_rsdp kernel param when the kernel has been " David Howells
2018-04-11 16:26 ` [PATCH 14/24] acpi: Disable ACPI table override if the kernel is " David Howells
2018-04-11 16:26 ` [PATCH 15/24] acpi: Disable APEI error injection " David Howells
2018-04-11 16:26 ` [PATCH 16/24] Prohibit PCMCIA CIS storage when " David Howells
2018-04-11 16:26 ` [PATCH 17/24] Lock down TIOCSSERIAL David Howells
2018-04-11 16:26 ` [PATCH 18/24] Lock down module params that specify hardware parameters (eg. ioport) David Howells
2018-04-11 17:22   ` Randy Dunlap
2018-04-11 16:26 ` [PATCH 19/24] x86/mmiotrace: Lock down the testmmiotrace module David Howells
2018-04-11 16:26 ` [PATCH 20/24] Lock down /proc/kcore David Howells
2018-04-11 16:26 ` [PATCH 21/24] Lock down kprobes David Howells
2018-04-11 16:27 ` [PATCH 22/24] bpf: Restrict kernel image access functions when the kernel is locked down David Howells
2018-04-11 16:27 ` [PATCH 23/24] Lock down perf David Howells
2018-04-11 16:27 ` [PATCH 24/24] debugfs: Restrict debugfs when the kernel is locked down David Howells
2018-04-11 17:26   ` Randy Dunlap
2018-04-11 18:50   ` Eric W. Biederman
2018-04-11 19:54   ` Greg KH
2018-04-11 20:08   ` David Howells
2018-04-11 20:09   ` David Howells
2018-04-11 20:33     ` Greg KH
2018-04-12  2:54       ` Andy Lutomirski
2018-04-12  8:23         ` Greg KH
2018-04-12 14:19           ` Andy Lutomirski
2018-04-13 20:22   ` Pavel Machek
2018-04-19 14:35   ` David Howells
2018-05-10 11:01     ` Pavel Machek

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180413202222.GA4396@amd \
    --to=pavel@ucw.cz \
    --cc=dhowells@redhat.com \
    --cc=jmorris@namei.org \
    --cc=linux-api@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-man@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).