[PATCH 18/27] bpf: Restrict kernel image access functions when the kernel is locked down
jlee at suse.com
jlee at suse.com
Fri Oct 20 16:43:43 UTC 2017
On Fri, Oct 20, 2017 at 05:03:22PM +0100, David Howells wrote:
> jlee at suse.com wrote:
>
> > I think that we don't need to lock down sys_bpf() now because
> > we didn't lock down other interfaces for reading arbitrary
> > address like /dev/mem and /dev/kmem.
>
> Ummm... See patch 4. You even gave me a Reviewed-by for it ;-)
>
> David
hm... patch 4 only prevents write_mem() but not read_mem().
Or I missed anything?
Thanks
Joey Lee
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list