[Ksummit-2012-discuss] [ATTEND] ACPI, UEFI, kernel security

Steven Rostedt rostedt at goodmis.org
Wed Jun 27 17:55:31 UTC 2012


On Wed, 2012-06-27 at 18:39 +0100, Matthew Garrett wrote:
> On Wed, Jun 27, 2012 at 01:35:42PM -0400, Steven Rostedt wrote:
> > On Wed, 2012-06-27 at 18:24 +0100, Matthew Garrett wrote:
> > 
> > > If anything's able to write into kernel memory then I think we've 
> > > already got fairly significant problems.
> > 
> > Which brings up an interesting point. IIRC, if a root hole is found in
> > one of the signed kernels, that signature will get blacklisted, such
> > that, that kernel will not boot anymore.
> 
> Well, it's more if an exploitable vulnerability is found in a kernel 
> *and* that vulnerability is then used to attack other operating systems.


What level of exploit is this? As userspace is not to be trusted, any
way root has the ability to change kernel memory (like the loaded kexec
image), then this would be classified as an exploit that can attack
another operating system. No?

As now, not even root may be trusted, this can cause a much bigger
restriction of what is considered safe.

Does the full path to exploitation need to be satisfied before
signatures are blacklisted? That is, if a kernel is found to have a way
that root can inject an exploit, is that enough? Or does there need to
also be a way to get root to inject this exploit without the user
knowing?

-- Steve



