Date:	Fri, 12 Oct 2012 21:04:45 -0400
From:	Valdis Kletnieks <Valdis.Kletnieks@...edu>
To:	Rusty Russell <rusty@...tcorp.com.au>,
	David Howells <dhowells@...hat.com>
Cc:	linux-kernel@...r.kernel.org
Subject: CONFIG_MODULE_SIG breaks out-of-tree modules in modpost.

For starters, yes, I *do* understand the security issues involved, and
no, I *don't* want to hear about NVidia evilness, because this looks like
a modpost problem not an NVidia problem.

I built next-20121011 with CONFIG_MODULE_SIG=y, and MODULE_SIG_FORCE=n,
so that I could test the feature, and just accept that the nvidia module was going
to hand me 2 taints instead of one.

But then, building the NVidia module a wondrous thing happened, and it threw a
most inexplicable error:

  cp /usr/src/valdis/NVIDIA-Linux-x86_64-304.51/kernel/nvidia.ko.unsigned /usr/src/valdis/NVIDIA-Linux-x86_64-304.51/kernel/nvidia.ko.stripped && strip -x -g /usr/src/valdis/NVIDIA-Linux-x86_64-304.51/kernel/nvidia.ko.stripped && /usr/bin/eu-strip /usr/src/valdis/NVIDIA-Linux-x86_64-304.51/kernel/nvidia.ko.stripped
/bin/sh: -c: line 0: syntax error near unexpected token `;'
/bin/sh: -c: line 0: `set -e;  ; echo 'cmd_/usr/src/valdis/NVIDIA-Linux-x86_64-304.51/kernel/nvidia.ko := ' > /usr/src/valdis/NVIDIA-Linux-x86_64-304.51/kernel/.nvidia.ko.cmd'

Looks like somebody left a $(FOO) unset between the 2 ';' characters.  I wasn't
able to follow the way scripts/Makefile.modpost worked well enough to figure out
where that line gets built, there's way too many 'set -e' in the scripts/ tree.

Building with MODULE_SIG=n made it build just fine.

This *MAY* be related to this RedHat bug: https://bugzilla.redhat.com/show_bug.cgi?id=655231
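
The empty-command failure reported above can be reproduced outside the kernel tree. The following is an added example, not code from the original message or from kbuild: the helper names (`build_rule`, `parses_ok`, `guarded_rule`) are hypothetical, the rule string is constructed to match the shape of the failing line in the error output, and the `:` substitution is one possible guard, not the fix that was applied upstream.

```shell
#!/bin/sh
# Constructed illustration: a build rule of the form
#   set -e; <command> ; echo 'cmd_<target> := <command>' > <dotfile>
# becomes a shell syntax error when <command> expands to nothing.

# build_rule CMD TARGET: print the string that would be handed to "sh -c".
# The dotfile is replaced by /dev/null so nothing is written.
build_rule() {
    printf "set -e; %s ; echo 'cmd_%s := %s' > /dev/null" "$1" "$2" "$1"
}

# parses_ok STRING: succeed if the shell accepts the syntax.
# "-n" parses without executing, so the rule itself never runs.
parses_ok() {
    sh -n -c "$1" 2>/dev/null
}

# guarded_rule CMD TARGET: same rule, but an empty command is replaced
# by the no-op ":" so the text between the two ';' is never empty.
guarded_rule() {
    build_rule "${1:-:}" "$2"
}

# Demo on constructed inputs: an unset command, then a real one.
for cmd in "" "true"; do
    rule=$(build_rule "$cmd" "nvidia.ko")
    if parses_ok "$rule"; then
        echo "OK:   $rule"
    else
        echo "FAIL: $rule"
    fi
done
```
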

