Conversation

Andrey Konovalov

@andreyknvl

·

Jan 29, 2020

Implemented a PoC for disabling kernel lockdown on Ubuntu via a keyboard emulated through USB/IP, CC

@mjg59

github.com

GitHub - xairy/unlockdown: Disabling kernel lockdown on Ubuntu without physical access

Disabling kernel lockdown on Ubuntu without physical access - GitHub - xairy/unlockdown: Disabling kernel lockdown on Ubuntu without physical access

2

33

85

Andrey Konovalov

@andreyknvl

"After speaking with the security team, we've come to an agreement that removing the lockdown lift sysrq is the best thing to do." Huh.

bugs.launchpad.net

Bug #1861238 “Root can lift kernel lockdown via USB/IP” : Bugs : linux package : Ubuntu

[Impact] It's possible to turn off kernel lockdown by emulating a USB keyboard via USB/IP and sending an Alt+SysRq+X key combination through it. Ubuntu's kernels have USB/IP enabled (CONFIG_USBIP_V...

1:31 PM · Feb 8, 2020·Twitter Web App

1

Like

Matthew Garrett

@mjg59

·

Feb 8, 2020

Replying to

@andreyknvl

There's a reason I didn't include it as part of the upstream patchset