[Ksummit-2012-discuss] [ATTEND] ACPI, UEFI, kernel security

Stephen Hemminger shemminger at vyatta.com
Wed Jun 27 18:20:54 UTC 2012

On Wed, 27 Jun 2012 18:58:16 +0100
Matthew Garrett <mjg59 at srcf.ucam.org> wrote:

> On Wed, Jun 27, 2012 at 01:55:31PM -0400, Steven Rostedt wrote:
> > On Wed, 2012-06-27 at 18:39 +0100, Matthew Garrett wrote:
> > > Well, it's more if an exploitable vulnerability is found in a kernel 
> > > *and* that vulnerability is then used to attack other operating systems.
> > 
> > What level of exploit is this? As userspace is not to be trusted, any
> > way root has the ability to change kernel memory (like the loaded kexec
> > image), then this would be classified as an exploit that can attack
> > another operating system. No?
> If I can boot a signed Linux kernel and then use that to launch a 
> trojaned Linux or Windows kernel then that signed kernel is likely to be 
> blacklisted.
> > As now, not even root may be trusted, this can cause a much bigger
> > restriction of what is considered safe.

It is even worse that that. What about hardware that has test
registers. I know of boards that have ability to write DMA to arbitrary
locations by programing the registers.  This means it would be impossible
to allow this PCI space to be written from user mode processes. Extending
that to the general case, it would make user mode control of hardware
illegal. Probably need to disable all userspace device access if doing
this crap. Alternatively, we have to add another security layer to deal
with signed applications.

More information about the Ksummit-2012-discuss mailing list