Announcement

Collapse
No announcement yet.

Linux 4.7 To Gain New Security Feature Ported From Chrome OS

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • balouba
    replied
    Nah its about as good as lkm signing but allows to just sign a whole partition instead of each module. not really any different. not sure its really better either.. just different.

    Leave a comment:


  • plonoma
    replied
    Originally posted by nanonyme View Post

    Tbh if you can edit the kernel parameters, you can probably make the machine load your own kernel. If someone gets so far, consider game lost
    Yes, however we have a special case here.
    The potential to remove that kernel parameter without negative effects on software functioning is potentially workable for this security functionality.
    Could have compilation not add that parameter by default for compiling the kernel!

    Leave a comment:


  • nanonyme
    replied
    Originally posted by plonoma View Post
    Not very interesting security feature if it can be defeated so easily.
    This little security risk should definitely get some developer attention.
    Tbh if you can edit the kernel parameters, you can probably make the machine load your own kernel. If someone gets so far, consider game lost

    Leave a comment:


  • plonoma
    replied
    Though even if the kernel is built with CONFIG_SECURITY_LOADPIN, it still can be defeated by setting loadpin.enabled=0 at boot-time.
    Not very interesting security feature if it can be defeated so easily.
    This little security risk should definitely get some developer attention.

    Leave a comment:


  • Linux 4.7 To Gain New Security Feature Ported From Chrome OS

    Phoronix: Linux 4.7 To Gain New Security Feature Ported From Chrome OS

    James Morris has made known the security subsystem updates intended for the Linux 4.7 kernel and it includes one addition worth mentioning...

    http://www.phoronix.com/scan.php?pag...in-Restriction
Working...
X