Date: Thu, 9 Jan 2014 14:46:23 +0800 From: "Lee, Chun-Yi" <joeyli.kernel@...il.com> To: rusty@...tcorp.com.au, dhowells@...hat.com Cc: linux-kernel@...r.kernel.org, Chun-Yi Lee <jlee@...e.com>, Josh Boyer <jwboyer@...hat.com>, Randy Dunlap <rdunlap@...otime.net>, Herbert Xu <herbert@...dor.apana.org.au>, "David S. Miller" <davem@...emloft.net>, Michal Marek <mmarek@...e.com> Subject: [PATCH] MODSIGN: Fix including certificate twice when the signing_key.x509 From: Chun-Yi Lee <jlee@...e.com> This issue was found in devel-pekey branch on linux-modsign.git tree. The x509_certificate_list includes certificate twice when the signing_key.x509 already exists. We can reproduce this issue by making kernel twice, the build log of second time looks like this: ... CHK kernel/config_data.h CERTS kernel/x509_certificate_list - Including cert /ramdisk/working/joey/linux-modsign/signing_key.x509 - Including cert signing_key.x509 ... Actually the build path was the same with the srctree path when building kernel. It causes the size of bzImage increased by packaging certificates twice. v2: Using '$(shell /bin/pwd)' instead of '$(shell pwd)' for more reliable between different shells Cc: Rusty Russell <rusty@...tcorp.com.au> Cc: Josh Boyer <jwboyer@...hat.com> Cc: Randy Dunlap <rdunlap@...otime.net> Cc: Herbert Xu <herbert@...dor.apana.org.au> Cc: "David S. Miller" <davem@...emloft.net> Cc: Michal Marek <mmarek@...e.com> Signed-off-by: Chun-Yi Lee <jlee@...e.com> Signed-off-by: David Howells <dhowells@...hat.com> --- kernel/Makefile | 5 ++++- 1 files changed, 4 insertions(+), 1 deletions(-) diff --git a/kernel/Makefile b/kernel/Makefile index bc010ee..582fa7a 100644 --- a/kernel/Makefile +++ b/kernel/Makefile 
@@ -136,7 +136,10 @@ $(obj)/timeconst.h: $(obj)/hz.bc $(src)/timeconst.bc FORCE # ############################################################################### ifeq ($(CONFIG_SYSTEM_TRUSTED_KEYRING),y) -X509_CERTIFICATES-y := $(wildcard *.x509) $(wildcard $(srctree)/*.x509) +X509_CERTIFICATES-y := $(wildcard *.x509) +ifneq ($(shell /bin/pwd), $(srctree)) +X509_CERTIFICATES-y += $(wildcard $(srctree)/*.x509) +endif X509_CERTIFICATES-$(CONFIG_MODULE_SIG) += $(objtree)/signing_key.x509 X509_CERTIFICATES-raw := $(sort $(foreach CERT,$(X509_CERTIFICATES-y), \ $(or $(realpath $(CERT)),$(CERT)))) -- 1.6.4.2 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
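Review bot: The new test "ifneq ($(shell /bin/pwd), $(srctree))" in kernel/Makefile is a plain string comparison, so it only skips the second wildcard when both sides spell the directory identically. If $(srctree) is relative or reaches the same directory through a symlink, the strings differ and $(wildcard $(srctree)/*.x509) is added again. Comparing canonical forms would be sturdier, for example $(realpath $(srctree)) against $(CURDIR), which also avoids spawning a shell on every parse of this Makefile. The unchanged context lines below already pass each entry through $(realpath ...) and $(sort ...), which should collapse duplicates, yet the build log in the description shows one absolute and one relative signing_key.x509. A short comment above the ifneq saying why that existing de-duplication misses this case would help the next reader, and would show whether the $(objtree)/signing_key.x509 entry needs the same treatment.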