lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 5 Mar 2018 19:02:12 -0800 From: Alexei Starovoitov <ast@...com> To: Randy Dunlap <rdunlap@...radead.org>, Alexei Starovoitov <ast@...nel.org>, <davem@...emloft.net> CC: <daniel@...earbox.net>, <torvalds@...ux-foundation.org>, <gregkh@...uxfoundation.org>, <mcgrof@...nel.org>, <netdev@...r.kernel.org>, <linux-kernel@...r.kernel.org>, <kernel-team@...com>, <linux-api@...r.kernel.org> Subject: Re: [PATCH net-next] modules: allow modprobe load regular elf binaries On 3/5/18 6:13 PM, Randy Dunlap wrote: > Hi, > > On 03/05/2018 05:34 PM, Alexei Starovoitov wrote: > >> diff --git a/kernel/module.c b/kernel/module.c >> index ad2d420024f6..6cfa35795741 100644 >> --- a/kernel/module.c >> +++ b/kernel/module.c > >> @@ -3669,6 +3683,17 @@ static int load_module(struct load_info *info, const char __user *uargs, >> if (err) >> goto free_copy; >> >> + if (info->hdr->e_type == ET_EXEC) { >> +#ifdef CONFIG_MODULE_SIG >> + if (!info->sig_ok) { >> + pr_notice_once("umh %s verification failed: signature and/or required key missing - tainting kernel\n", > > That's not a very friendly message to tell a user. "umh" eh? umh is an abbreviation known to kernel newbies: https://kernelnewbies.org/KernelProjects/usermode-helper-enhancements The rest of the message is copy paste of existing one. >> + info->file->f_path.dentry->d_name.name); >> + add_taint(TAINT_UNSIGNED_MODULE, LOCKDEP_STILL_OK); >> + } > > And since the signature failed, why is it being loaded at all? because this is how regular kernel modules deal with it. sig_enforce is handled earlier. > Is this in the "--force" load path? --force forces modver and modmagic. These things don't apply here.
Powered by blists - more mailing lists