|
|
Log in / Subscribe / Register

Garrett: Subverting security with kexec

[Posted December 4, 2013 by corbet]

Matthew Garrett demonstrates how to use the kexec() system call to change parameters in a running kernel. "The beauty of this approach is that it doesn't rely on any kernel bugs - it's using kernel functionality that was explicitly designed to let you do this kind of thing (ie, run arbitrary code in ring 0). There's not really any way to fix it beyond adding a new system call that has rather tighter restrictions on the binaries that can be loaded. If you're using signed modules but still permit kexec, you're not really adding any additional security."
to post comments

Garrett: Subverting security with kexec

Posted Dec 4, 2013 15:25 UTC (Wed) by scientes (guest, #83068) [Link]

> & 0x7fffffff

looks 2G/2G user/kernel split specific. How would you change this for a 3G/1G split?

Garrett: Subverting security with kexec

Posted Dec 4, 2013 15:38 UTC (Wed) by vgoyal (guest, #49279) [Link] (1 responses)

May be we should disable kexec jump back path if module signatures are enfornced. That should disallow circumventing the signed module restrictions. Problem of bypassing secureboot restrictions will remain though and new system call which will verify kernel signature should address that.

Garrett: Subverting security with kexec

Posted Dec 4, 2013 15:57 UTC (Wed) by vgoyal (guest, #49279) [Link]

I guess disabling kexec jump back will just make it harder to come back to original kernel and not necessarily impossible. So I guess a system call which does kernel signature verification is right solution.

Garrett: Subverting security with kexec

Posted Dec 4, 2013 16:04 UTC (Wed) by ledow (guest, #11753) [Link] (45 responses)

So if you boot on a trusted kernel, and have full root, then you can boot a machine that thinks it's under Secure Boot but "isn't" (but, actually, is, surely?).

Although kexec might be an "easy" path to do this via, how is this any different to, say, booting a virtual machine that has booted on a Secure Boot host?

And a lot of it sounds like theory - like the bootloader that loads Windows will just be accepted as a valid bootloader and not checked at all by Windows code in a Secure Boot environment. Has it actually been tested to do that?

And what, if anything, is the problem here? A kernel booted under Secure Boot and booted. That kernel has a facility to do "other things" and can also boot another OS easily. The trap really is how the hell is an operating system - of any flavour - supposed to know that the bootloader that loaded it was actually secure in the first place? And the answer is: It can't. Any amount of virtualisation will tell you that - it has no clue that the boot it received was actually secure or not. Everything else is just pontification over the exact method.

More worrying: Where would something like this leave "Microsoft-controlled" signed booting if there's a "flaw" like this in a signed Linux bootloader / kernel combination? Surely this should mean worldwide blacklisting of that signed bootloader, no? Because it's obviously allowing people to boot Windows in Secure Boot when it's not secure and could have done anything beforehand?

Sounds to me like people might be realising quite how stupid it was to let MS control whether or not your kernel is signed quite soon.

Garrett: Subverting security with kexec

Posted Dec 4, 2013 16:30 UTC (Wed) by nye (guest, #51576) [Link] (9 responses)

>The trap really is how the hell is an operating system - of any flavour - supposed to know that the bootloader that loaded it was actually secure in the first place? And the answer is: It can't.

No, the answer is "it isn't". It's not supposed to do that at all; that's not what secure boot is for.

This seems to be a common misunderstanding, but it's a pretty bad one because it's fundamental to the nature of secure boot and leads to people thinking that it's some kind of DRM system when it's nothing of the sort.
The point of secure boot is to protect the *user*, not the operating system, by reducing the chance that what they think is running is in fact *not* what is running.

Once you understand this, the answer to "how is this any different to, say, booting a virtual machine that has booted on a Secure Boot host" becomes fairly obvious: there is (in principle) no difference to the OS, but there is of course a difference to the user.

Garrett: Subverting security with kexec

Posted Dec 4, 2013 18:03 UTC (Wed) by proski (guest, #104) [Link] (3 responses)

Well, suppose that Ubuntu removes kexec from its kernels. The old kernel would still be bootable by the Ubuntu GRUB and shim and could be used to subvert Windows security.

What would happen next? Would Microsoft blacklist the old Ubuntu shim and release a new one that would only load the updated GRUB? How would the updated GRUB figure out which kernels are still secure? Would Ubuntu have to sign them with a new key?

I think it's very wrong that Microsoft used its market share to get into position of authority. It could get them sued for antitrust violations. If Microsoft bosses were smart, they would have handed the secure boot operations over to a non-commercial entity, such as MITRE.

Garrett: Subverting security with kexec

Posted Dec 5, 2013 11:49 UTC (Thu) by nye (guest, #51576) [Link] (2 responses)

>Well, suppose that Ubuntu removes kexec from its kernels. The old kernel would still be bootable by the Ubuntu GRUB and shim and could be used to subvert Windows security.

> What would happen next? Would Microsoft blacklist the old Ubuntu shim and release a new one that would only load the updated GRUB? How would the updated GRUB figure out which kernels are still secure? Would Ubuntu have to sign them with a new key?

I think this is adequately covered by Matthew later in the thread.

> I think it's very wrong that Microsoft used its market share to get into position of authority. It could get them sued for antitrust violations.
> If Microsoft bosses were smart, they would have handed the secure boot operations over to a non-commercial entity, such as MITRE.

I think you're still missing the point. Microsoft aren't running 'secure boot operations'; the only reason they have to get involved at all is that you can be sure that every system will come with their key pre-installed for obvious economic reasons, and it's fairly safe to assume that nearly no manufacturers will bother including any other keys. That's the inevitable situation regardless of who initiated the standardisation effort, and it's not in Microsoft's control.

Let's say MITRE had a key that they use to sign binaries upon request, and MS provided their binaries to be signed by it. They're still going to be signing those binaries themselves, and vendors would have no reason to bother including the MITRE key when they can cut out the middle man.

Hypothetically, the government could mandate that specific keys owned by a 'neutral' entity must *always* be pre-installed, and then start vigorously enforcing that requirement. That's pretty much the only way you could possibly persuade all the motherboard makers to do the extra work at no benefit for themselves.

Garrett: Subverting security with kexec

Posted Dec 5, 2013 15:15 UTC (Thu) by raven667 (subscriber, #5198) [Link] (1 responses)

I too would have liked more effort put in on a separate key infrastructure and paying vendors to include it but that's tens of millions of dollars at least and none of the Linux vendors wanted to pony up. Another angle would be to create a user friendly EFI key manager application that can be included by vendors to make it easy with a standard UI to be your own CA. If the vendors have to do less work to check off their feature list they will do it and we could make our friendly key manager a de-facto standard.

Garrett: Subverting security with kexec

Posted Dec 5, 2013 15:24 UTC (Thu) by mjg59 (subscriber, #23239) [Link]

MOKManager basically is a standardised UI that lets you be your own CA, but you need a Microsoft signature to get it running in the first place.

Garrett: Subverting security with kexec

Posted Dec 5, 2013 20:39 UTC (Thu) by ballombe (subscriber, #9523) [Link] (4 responses)

As long as Microsoft (and hence the NSA) has the master key, it does not protect the user. It only gives a false sense of security (probably the actual purpose).

Garrett: Subverting security with kexec

Posted Dec 5, 2013 22:18 UTC (Thu) by mathstuf (subscriber, #69389) [Link]

You can revoke the Microsoft key in SecureBoot if you don't trust them. Sure, you have to trust that the key is actually removed, but is that really much different than trusting the manufacturer from not putting something in the hardware directly anyways?

Garrett: Subverting security with kexec

Posted Dec 5, 2013 22:34 UTC (Thu) by raven667 (subscriber, #5198) [Link] (2 responses)

That would be interesting if that actually happened because it would be highly visible and undeniable if there were multiple bootloaders, one being clearly malware when reverse engineered, that were both signed by the same key. There is evidence against this theory though in that with Stuxnet they expended a large amount of resources to develop a new and novel hash collision attack to generate a bogus certificate and did not use the actual MS key. This leads me to believe that the NSA doesn't have the ability to access the MS private key, although that could just be what they want you to think 8-).

A salient point is that whatever method is used can only be used once, it will be identified and then be useless.

Garrett: Subverting security with kexec

Posted Dec 6, 2013 5:02 UTC (Fri) by dashesy (guest, #74652) [Link] (1 responses)

I thought the hash collision was a myth, in fact there are plenty of hardware companies with easier/buyable access to private keys, when all it takes is a rogue USB dongle with automatic driver installation.

Garrett: Subverting security with kexec

Posted Dec 6, 2013 5:32 UTC (Fri) by raven667 (subscriber, #5198) [Link]

No, it's not a myth, the data is out there for anyone to see and was based on reverse engineering Stuxnet and Flame

http://arstechnica.com/security/2012/06/flame-crypto-brea...

Garrett: Subverting security with kexec

Posted Dec 4, 2013 18:16 UTC (Wed) by mjg59 (subscriber, #23239) [Link] (34 responses)

"how is this any different to, say, booting a virtual machine that has booted on a Secure Boot host?"

User transparency. If you can boot a virtual machine that does full hardware passthrough for everything and doesn't break any of the user's own virtual machines, you could use that approach. But you can't do that with Linux as your kernel, so you'd still need some way to actually boot your micro-hypervisor. Like, say, kexec.

"like the bootloader that loads Windows will just be accepted as a valid bootloader and not checked at all by Windows code in a Secure Boot environment."

Well, yes. How would Windows check its bootloader? And even if it could, you've just loaded the kernel - stub out that check before jumping into it.

"Surely this should mean worldwide blacklisting of that signed bootloader, no?"

The appropriate thing for *any* CA to do when they've signed something that's being used to compromise other signed operating systems is to blacklist that signature. Failing to do so would render the entire exercise pointless.

Garrett: Subverting security with kexec

Posted Dec 4, 2013 20:38 UTC (Wed) by nybble41 (subscriber, #55106) [Link] (22 responses)

> The appropriate thing for *any* CA to do when they've signed something that's being used to compromise other signed operating systems is to blacklist that signature. Failing to do so would render the entire exercise pointless.

The exercise seems pointless to begin with, except as a way for Microsoft to make it more difficult to run non-Windows operating systems. Even if they insisted on a fully-locked-down system, with no support for unsigned drivers and no unpatched vulnerabilities, malware could still run an unsecured system in a VM. (And if they could achieve that state in the first place, they wouldn't need to worry about malware.) The guarantees made by Secure Boot are insufficient to protect against malware, which really only leaves the anti-competitive aspects.

Garrett: Subverting security with kexec

Posted Dec 4, 2013 20:45 UTC (Wed) by mjg59 (subscriber, #23239) [Link] (21 responses)

Driver signing is enforced when Secure Boot is enabled. But yes, a system with unpatched vulnerabilities is obviously still insecure. The point of Secure Boot is to prevent malware from persisting in the system even after the vulnerability is patched.

"malware could still run an unsecured system in a VM"

It's true, it could. But that would be obvious to the user.

Garrett: Subverting security with kexec

Posted Dec 4, 2013 22:49 UTC (Wed) by dlang (guest, #313) [Link] (20 responses)

> It's true, it could. But that would be obvious to the user.

no, if the host OS boots quickly and starts the VM and gives it the full screen, it will not be "obvious to the user"

I've seen enough people running systems with VMs that were setup by someone else without trying to hide that it's a VM and seen the users not understand that they are in a VM to say that it's obvious to the user only applies to a rather savvy user in the best of conditions.

Garrett: Subverting security with kexec

Posted Dec 4, 2013 22:52 UTC (Wed) by mjg59 (subscriber, #23239) [Link] (19 responses)

I'll believe it once someone demonstrates a workable attack based on it.

Garrett: Subverting security with kexec

Posted Dec 4, 2013 23:12 UTC (Wed) by dlang (guest, #313) [Link] (18 responses)

how do you define a workable attack?

I'm saying that someone could put together a system that booted and then showed the user a OS in a VM and the vast majority of users would not realize they were in a VM

I'm not saying that it's easy to take over someone's system and do this to their existing system without them noticing, that's a different question.

you have repeatedly made the statement that the user would notice that they are in a VM, if it's full-screen I don't see how the user would notice. Since you are the one claiming that they will, why don't you explain how they would notice.

Garrett: Subverting security with kexec

Posted Dec 4, 2013 23:38 UTC (Wed) by mjg59 (subscriber, #23239) [Link] (17 responses)

"I'm not saying that it's easy to take over someone's system and do this to their existing system without them noticing, that's a different question"

It's the only relevant question, so my confusion should be understandable.

Garrett: Subverting security with kexec

Posted Dec 4, 2013 23:56 UTC (Wed) by dlang (guest, #313) [Link] (16 responses)

I disagree, what you are asking for is a full, polished exploit ready to run.

I have long since passed the point of requiring a demonstration of a full exploit before believing that there is a problem, and I've seen far too many people make themselves look really silly by insisting that something wasn't possible because they had not seen an exploit yet (including one notable incident where the VP of security generated a large conference call late at night due to an exploit a customer discovered and reported to us were the engineering manager spent a good 5 minutes berating everyone for calling it an exploit instead of an "alleged exploit" because he hadn't seen it work the way the rest of us had)

something could be crafted to only do it's work while the screen is blanked (i.e. the system is on, but the user isn't doing anything) and escape notice of the changes that way.

or just pop up a window saying that an upgrade is being installed, it's not that hard to make a popup that looks like an official microsoft upgrade notice, and the user will let the changes and reboot happen, and not be surprised if the boot messages look a little different afterwords.

But you keep saying that the user would notice that they were running in a VM, not that they would notice their system being converted to be a VM, so my question is how would they notice that they are running in a VM?

Garrett: Subverting security with kexec

Posted Dec 5, 2013 0:00 UTC (Thu) by mjg59 (subscriber, #23239) [Link] (15 responses)

What are you using as the hypervisor? How are you starting it?

Garrett: Subverting security with kexec

Posted Dec 5, 2013 0:07 UTC (Thu) by luto (subscriber, #39314) [Link] (14 responses)

QEMU on KVM, with graphics assigned to the guest using VT-d, started from init, quickly, because modern kernels boot quickly.

Garrett: Subverting security with kexec

Posted Dec 5, 2013 0:16 UTC (Thu) by dlang (guest, #313) [Link]

> because modern kernels boot quickly.

especially if you shut off all the output, what's a few seconds longer in booting, especially if there's a splash screen saying that the system is installing an upgrade.

Users are trained to expect such things to happen unpredictably

Garrett: Subverting security with kexec

Posted Dec 5, 2013 0:17 UTC (Thu) by mjg59 (subscriber, #23239) [Link] (11 responses)

Graphics? You're going to need more than that. How's suspend going to work? Backlight control? The user's going to have a different set of mixers. They're not going to be able to run any VMs themselves. And that's ignoring the fairly significant issue that primary VGA passthrough basically doesn't work.

Garrett: Subverting security with kexec

Posted Dec 5, 2013 0:25 UTC (Thu) by luto (subscriber, #39314) [Link] (8 responses)

If the point of secure boot is to make it so that insufficiently clever malicious bootloaders prevent users from running their own VMs, suspending, or controlling their backlight, then I have serious questions about its utility.

Garrett: Subverting security with kexec

Posted Dec 5, 2013 0:31 UTC (Thu) by mjg59 (subscriber, #23239) [Link] (7 responses)

Without Secure Boot: Gaining administrative access permits you to persistently compromise the running system in a way that is 100% transparent to the user
With Secure Boot: Gaining administrative access permits you to persistently compromise the running system only at the cost of breaking a great deal of highly user-visible functionality

That sounds like an improvement to me.

Garrett: Subverting security with kexec

Posted Dec 5, 2013 0:59 UTC (Thu) by dlang (guest, #313) [Link] (6 responses)

you haven't given any fundamental reason why "breaking a great deal of highly user-visible functionality" must happen

I won't argue that with the tools available today it doesn't happen. I don't know that it does or not, but the state of the tools today isn't the issue. The state of the tools in the future is the issue. There are other reasons for making it so that the functionality isn't broken, so it's not just the black hats that will try and change this.

you are trying to add a lot of stuff that will have to be maintained forever, if the benefits only last until tools that users want to have for very legitimate reasons work better than they do today, why should we accept the permanent maintenance effort?

Garrett: Subverting security with kexec

Posted Dec 5, 2013 1:03 UTC (Thu) by mjg59 (subscriber, #23239) [Link] (5 responses)

The tools the black hats need have to be incorporated into a signed hypervisor, and nobody's going to just sign something like Blue Pill. That means the attacker needs to be able to use an existing hypervisor to provide complete hardware passthrough, and implementing that's not a priority for anyone.

Garrett: Subverting security with kexec

Posted Dec 5, 2013 1:13 UTC (Thu) by luto (subscriber, #39314) [Link] (3 responses)

But only KVM needs to be signed. QEMU is just a regular userspace program, and AFAICT all of the problems preventing this kind of attack from working are problems with QEMU, not with KVM.

IMO the fundamental design problem with Secure Boot is that it *expects* to run unsigned userspace code. (Of course, changing that would probably be unpalatable.)

Garrett: Subverting security with kexec

Posted Dec 5, 2013 1:39 UTC (Thu) by mjg59 (subscriber, #23239) [Link] (2 responses)

And how do you get KVM to pass through anything that isn't a PCI device?

Garrett: Subverting security with kexec

Posted Dec 5, 2013 1:52 UTC (Thu) by luto (subscriber, #39314) [Link] (1 responses)

Perhaps by mucking with enough PCI configuration space registers that the kernel thinks it's a PCI device. Does the kernel lock down sysfs enough to prevent this kind of shenanigans?

Alternatively, I bet that everything could be emulated well enough to make the VM seem fully functional. There's a userspace interface to ACPI, after all...

Garrett: Subverting security with kexec

Posted Dec 5, 2013 2:33 UTC (Thu) by mjg59 (subscriber, #23239) [Link]

"Does the kernel lock down sysfs enough to prevent this kind of shenanigans?"

Under Secure Boot, yes.

"There's a userspace interface to ACPI, after all..."

Not under Secure Boot.

Garrett: Subverting security with kexec

Posted Dec 8, 2013 12:06 UTC (Sun) by Otus (subscriber, #67685) [Link]

> That means the attacker needs to be able to use an existing hypervisor to provide complete hardware passthrough

What do you need complete passthrough for? (Against normal users. Even if the user's VMs break, that seems insufficient motivation for Secure Boot.)

If the scenario is that the user closes a laptop lid and expects the system to suspend, the host system can handle it normally. The guest doesn't even need to know it was suspended – how would the user tell?

If it's that the user tells the system to suspend through a software menu, can't the guest communicate that request to a host process through a side channel, like the network? No need to involve the signed hypervisor. (If userspace can't suspend, no such menu can exist, so this isn't a scenario the attacker even needs to consider.)

As I understand, none of the guest software or the userspace host software will be signed, so they can be replaced or modified by the attacker as needed. What is it about suspend they can't accomplish under Secure Boot that would be user visible?

Garrett: Subverting security with kexec

Posted Dec 9, 2013 9:56 UTC (Mon) by mst@redhat.com (guest, #60682) [Link] (1 responses)

qemu-kvm is only complex because it needs to run multiple guests on the
same host, with extra features such as isolation, migration etc.
If all your hyprevisor has to do is trap access to secureboot and forward the rest to the hardware, it's much easier.

Garrett: Subverting security with kexec

Posted Dec 9, 2013 14:30 UTC (Mon) by mjg59 (subscriber, #23239) [Link]

What kernel functionality would you use to implement that?

Garrett: Subverting security with kexec

Posted Dec 5, 2013 0:19 UTC (Thu) by mjg59 (subscriber, #23239) [Link]

(Oh, and enough of the hardware will have changed that Windows will suddenly want to be reactivated, but a naive user might not realise that that's a bad thing)

Garrett: Subverting security with kexec

Posted Dec 4, 2013 20:56 UTC (Wed) by heijo (guest, #88363) [Link] (10 responses)

This doesn't work, because Microsoft is not going to blacklist anything when a code execution exploit in the Linux kernel appears next.

The whole Secure Boot idea is idiotic and useless, except possibly to make it harder for newbie programmers to write malware from scratch.

A reasonable system needs at least to only trust the keys for one specific OS distribution (say, Windows 8.1 64-bit) instead of for all OSes on Earth, and prevent writing to partitions belonging to other OSes in the SATA controller hardware.

Garrett: Subverting security with kexec

Posted Dec 4, 2013 21:04 UTC (Wed) by mjg59 (subscriber, #23239) [Link] (9 responses)

Microsoft have made it clear that they'll blacklist anything that's being actively used in attacks.

Garrett: Subverting security with kexec

Posted Dec 5, 2013 8:14 UTC (Thu) by oldtomas (guest, #72579) [Link]

> Microsoft have made it clear...

Sorry, mjg. With all due respect. Microsoft "have made clear" so many things in the short time of their existence that this argument doesn't carry any weight for me.

Microsoft will do whatever their management considers opportune at the time they've to take the decision, regardless of whatever they "make clear" now.

Garrett: Subverting security with kexec

Posted Dec 9, 2013 12:16 UTC (Mon) by paulj (subscriber, #341) [Link] (7 responses)

So Linux must lose functionality (kexec, logically VMs should too - see other thread) in order to appease MS?

Garrett: Subverting security with kexec

Posted Dec 9, 2013 14:31 UTC (Mon) by mjg59 (subscriber, #23239) [Link] (6 responses)

No. Features that allow you to trivially circumvent Secure Boot must be reimplemented in ways that don't permit you to do that. I don't believe that VMs fall into that category.

Garrett: Subverting security with kexec

Posted Dec 9, 2013 15:12 UTC (Mon) by paulj (subscriber, #341) [Link] (5 responses)

Reimplement? You mean actually disable, as with kexec? So the plan is to reimplement or disable the easy ways for ordinary users to run their own code (least, kexec was generally useful enough for it to be added to the kernel)? That leaves just the more esoteric ways, which might be beyond ordinary users, but I'm pretty sure aren't going to stop any of the black-hats or the kiddies that get their hands on their toolkits.

You dismiss the VM circumvention as being noticeable to a user. At best, that's only with the currently distributed VM software. However, several people contend that even the current VM software already is good enough to fool many. Of course, these VM circumventions won't get worse, they'll only get better, as more software is written and as hardware gets faster.

For the rest, the kernel is still *full* of exploits, and the way the kernel is developed there's no reason to believe that will change. Pre-login user-land similarly has a long, continuing history of lots of bugs, and these of course can be exploited to allow exploits to be reboot-persistent, even *with* SecureBoot booting a "trusted" kernel and "trusted" user-space binaries (though, the latter isn't done at present, so the current situation isn't even as involved as that).

This is tilting at the windmills. Stripping useful features for security benefits that are meaningful *only if you exclude the people who write the exploits* from the adversary set, and perhaps to placate a *feared* possible reaction from Microsoft. Yay SecureBoot!

Garrett: Subverting security with kexec

Posted Dec 9, 2013 15:25 UTC (Mon) by mjg59 (subscriber, #23239) [Link] (4 responses)

No, I mean reimplement, as discussed in the original article.

Garrett: Subverting security with kexec

Posted Dec 9, 2013 15:33 UTC (Mon) by paulj (subscriber, #341) [Link] (3 responses)

The article which ends with:

"And that's the story of why kexec is disabled on Fedora when Secure Boot is enabled."

? :)

Garrett: Subverting security with kexec

Posted Dec 9, 2013 15:41 UTC (Mon) by mjg59 (subscriber, #23239) [Link] (2 responses)

Yes, up until the point where the reimplementation is complete. If you want kexec, disable Secure Boot.

Garrett: Subverting security with kexec

Posted Dec 9, 2013 18:24 UTC (Mon) by dashesy (guest, #74652) [Link] (1 responses)

What about a non-dual-boot system? After all, I am not sure why one wants to keep Windows8, the user experience is horrible, and no body cares to write apps for it anyways.
Perhaps if there was a Fedora version that could be installed, without disabling anything in the BIOS, and only without dual-boot, it could save kexec from wrath of Microsoft?
Maybe it is time to ask users if they want to use Linux in its full potential, and if yes they have to remove Windows partition altogether.

Garrett: Subverting security with kexec

Posted Dec 9, 2013 18:45 UTC (Mon) by mjg59 (subscriber, #23239) [Link]

We could ship a version that wasn't signed with the Microsoft key, but you wouldn't be able to install it without modifying settings in the BIOS.

Garrett: Subverting security with kexec

Posted Dec 4, 2013 22:02 UTC (Wed) by ebiederm (subscriber, #35028) [Link] (2 responses)

Fascinating. Introduce a security model that is incompatible with the unix tradition of trusting root, and then notice when the changes to introduce that security model are incomplete.

Garrett: Subverting security with kexec

Posted Dec 4, 2013 22:25 UTC (Wed) by mjg59 (subscriber, #23239) [Link] (1 responses)

You're talking about namespaces, right?

Garrett: Subverting security with kexec

Posted Dec 4, 2013 23:02 UTC (Wed) by Kit (guest, #55925) [Link]

No, obviously SELinux. I mean AppArmor.


Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds