[PATCH 23/27] bpf: Restrict kernel image access functions when the kernel is locked down
jmorris at namei.org
Thu Mar 28 19:23:30 UTC 2019
On Thu, 28 Mar 2019, Matthew Garrett wrote:
> On Wed, Mar 27, 2019 at 8:15 PM James Morris <jmorris at namei.org> wrote:
> > OTOH, this seems like a combination of mechanism and policy. The 3 modes
> > are a help here, but I wonder if they may be too coarse grained still,
> > e.g. if someone wants to allow a specific mechanism according to their own
> > threat model and mitigations.
> In general the interfaces blocked by these patches could also be
> blocked with an LSM, and I'd guess that people with more fine-grained
> requirements would probably take that approach.
So... I have to ask, why not use LSM for this in the first place?
Either with an existing module or perhaps a lockdown LSM?
> > Secure boot gives you some assurance of the static state of the system at
> > boot time, and lockdown is certainly useful (with or without secure boot),
> > but it's not a complete solution to runtime kernel integrity protection by
> > any stretch of the imagination. I'm concerned about it being perceived as
> > such.
> What do you think the functionality gaps are in terms of ensuring
> kernel integrity (other than kernel flaws that allow the restrictions
> to be bypassed)?
I don't know of any non-flaw gaps.
<jmorris at namei.org>
More information about the Linux-security-module-archive