| Message ID | 20171201201000.GA44539@beast (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On 12/01/2017 12:10 PM, Kees Cook wrote: > Distros have been shipping with CONFIG_STRICT_DEVMEM=y for years now. It > is probably time to flip this default for x86 and arm64. > With my Fedora hat on, Acked-by: Laura Abbott <labbott@redhat.com > Signed-off-by: Kees Cook <keescook@chromium.org> > --- > lib/Kconfig.debug | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug > index 947d3e2ed5c2..39b123d04a36 100644 > --- a/lib/Kconfig.debug > +++ b/lib/Kconfig.debug > @@ -1985,7 +1985,7 @@ config STRICT_DEVMEM > bool "Filter access to /dev/mem" > depends on MMU && DEVMEM > depends on ARCH_HAS_DEVMEM_IS_ALLOWED > - default y if TILE || PPC > + default y if TILE || PPC || X86 || ARM64 > ---help--- > If this option is disabled, you allow userspace (root) access to all > of memory, including kernel and userspace memory. Accidental >
On Fri, Dec 01, 2017 at 12:10:00PM -0800, Kees Cook wrote: > Distros have been shipping with CONFIG_STRICT_DEVMEM=y for years now. It > is probably time to flip this default for x86 and arm64. Should we be defaulting IO_STRICT_DEVMEM on as well? Will > Signed-off-by: Kees Cook <keescook@chromium.org> > --- > lib/Kconfig.debug | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug > index 947d3e2ed5c2..39b123d04a36 100644 > --- a/lib/Kconfig.debug > +++ b/lib/Kconfig.debug > @@ -1985,7 +1985,7 @@ config STRICT_DEVMEM > bool "Filter access to /dev/mem" > depends on MMU && DEVMEM > depends on ARCH_HAS_DEVMEM_IS_ALLOWED > - default y if TILE || PPC > + default y if TILE || PPC || X86 || ARM64 > ---help--- > If this option is disabled, you allow userspace (root) access to all > of memory, including kernel and userspace memory. Accidental > -- > 2.7.4 > > > -- > Kees Cook > Pixel Security
On Mon, Dec 4, 2017 at 7:56 AM, Will Deacon <will.deacon@arm.com> wrote: > On Fri, Dec 01, 2017 at 12:10:00PM -0800, Kees Cook wrote: >> Distros have been shipping with CONFIG_STRICT_DEVMEM=y for years now. It >> is probably time to flip this default for x86 and arm64. > > Should we be defaulting IO_STRICT_DEVMEM on as well? I'd love to see that, but I haven't seen a long history on this setting yet. It may be that arm64 can do it, since it doesn't have the x86 hardware legacy stuff ... If you're willing to give it a shot, I'm all for it. :) -Kees > > Will > >> Signed-off-by: Kees Cook <keescook@chromium.org> >> --- >> lib/Kconfig.debug | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug >> index 947d3e2ed5c2..39b123d04a36 100644 >> --- a/lib/Kconfig.debug >> +++ b/lib/Kconfig.debug >> @@ -1985,7 +1985,7 @@ config STRICT_DEVMEM >> bool "Filter access to /dev/mem" >> depends on MMU && DEVMEM >> depends on ARCH_HAS_DEVMEM_IS_ALLOWED >> - default y if TILE || PPC >> + default y if TILE || PPC || X86 || ARM64 >> ---help--- >> If this option is disabled, you allow userspace (root) access to all >> of memory, including kernel and userspace memory. Accidental >> -- >> 2.7.4 >> >> >> -- >> Kees Cook >> Pixel Security
On 1 December 2017 at 20:10, Kees Cook <keescook@chromium.org> wrote: > Distros have been shipping with CONFIG_STRICT_DEVMEM=y for years now. It > is probably time to flip this default for x86 and arm64. > > Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> > --- > lib/Kconfig.debug | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug > index 947d3e2ed5c2..39b123d04a36 100644 > --- a/lib/Kconfig.debug > +++ b/lib/Kconfig.debug > @@ -1985,7 +1985,7 @@ config STRICT_DEVMEM > bool "Filter access to /dev/mem" > depends on MMU && DEVMEM > depends on ARCH_HAS_DEVMEM_IS_ALLOWED > - default y if TILE || PPC > + default y if TILE || PPC || X86 || ARM64 > ---help--- > If this option is disabled, you allow userspace (root) access to all > of memory, including kernel and userspace memory. Accidental > -- > 2.7.4 > > > -- > Kees Cook > Pixel Security
diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index 947d3e2ed5c2..39b123d04a36 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -1985,7 +1985,7 @@ config STRICT_DEVMEM bool "Filter access to /dev/mem" depends on MMU && DEVMEM depends on ARCH_HAS_DEVMEM_IS_ALLOWED - default y if TILE || PPC + default y if TILE || PPC || X86 || ARM64 ---help--- If this option is disabled, you allow userspace (root) access to all of memory, including kernel and userspace memory. Accidental
Distros have been shipping with CONFIG_STRICT_DEVMEM=y for years now. It is probably time to flip this default for x86 and arm64. Signed-off-by: Kees Cook <keescook@chromium.org> --- lib/Kconfig.debug | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)