[Ksummit-2012-discuss] [ATTEND] ACPI, UEFI, kernel security

Matthew Garrett mjg59 at srcf.ucam.org
Wed Jun 27 17:58:16 UTC 2012


On Wed, Jun 27, 2012 at 01:55:31PM -0400, Steven Rostedt wrote:
> On Wed, 2012-06-27 at 18:39 +0100, Matthew Garrett wrote:
> > Well, it's more if an exploitable vulnerability is found in a kernel 
> > *and* that vulnerability is then used to attack other operating systems.
> 
> What level of exploit is this? As userspace is not to be trusted, any
> way root has the ability to change kernel memory (like the loaded kexec
> image), then this would be classified as an exploit that can attack
> another operating system. No?

If I can boot a signed Linux kernel and then use that to launch a 
trojaned Linux or Windows kernel then that signed kernel is likely to be 
blacklisted.

> As now, not even root may be trusted, this can cause a much bigger
> restriction of what is considered safe.

Yup.

> Does the full path to exploitation need to be satisfied before
> signatures are blacklisted? That is, if a kernel is found to have a way
> that root can inject an exploit, is that enough? Or does there need to
> also be a way to get root to inject this exploit without the user
> knowing?

My understanding is that attacks need to exist rather than merely being 
theoretical.

-- 
Matthew Garrett | mjg59 at srcf.ucam.org

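The attack path Steven describes above (root reusing a signed kernel's kexec support to launch an arbitrary image) is one a practitioner would want to check for on a running system. The script below is an added example, not code from the thread or from either participant; it reports whether the legacy kexec_load(2) path is still open to root. It reads two real Linux interfaces that postdate this 2012 discussion (/proc/sys/kernel/kexec_load_disabled, added in 3.14, and /sys/kernel/security/lockdown, added in 5.4), and takes their paths as parameters so it can be exercised against constructed sample files as well as the live system.

```shell
#!/bin/sh
# Added example (not from the original thread): does this kernel still let
# root load an arbitrary, unsigned kexec image through kexec_load(2)?
#
# Assumptions: the two files below are the stock Linux interfaces named in
# the lead-in; their paths are passed in so the function can be run against
# constructed sample files.

# kexec_status DISABLED_FILE LOCKDOWN_FILE
# Prints "restricted" when the legacy kexec_load(2) path is refused,
# otherwise "open". Always returns 0; the printed word is the result.
kexec_status() {
    disabled_file=$1
    lockdown_file=$2

    # kexec_load_disabled=1 refuses kexec_load(2) for everyone until reboot.
    # (kexec_file_load(2) may still be allowed, subject to signature checks.)
    if [ -r "$disabled_file" ] && [ "$(cat "$disabled_file")" = "1" ]; then
        echo restricted
        return 0
    fi

    # The lockdown file lists the modes with the active one in brackets,
    # e.g. "none [integrity] confidentiality". Integrity mode or stronger
    # blocks loading unsigned images via kexec.
    if [ -r "$lockdown_file" ]; then
        case "$(cat "$lockdown_file")" in
            *"[integrity]"*|*"[confidentiality]"*)
                echo restricted
                return 0 ;;
        esac
    fi

    echo open
    return 0
}

# Stand-alone run against the live system (files may be absent on older
# kernels, in which case the answer is "open").
kexec_status /proc/sys/kernel/kexec_load_disabled /sys/kernel/security/lockdown
```

"open" means a root compromise of the signed kernel can chain into another boot image by the route discussed above; on a kernel that predates both interfaces the script cannot tell, and "open" is the conservative answer.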