lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1715.81.207.0.53.1171575112.squirrel@secure.samage.net>
Date:	Thu, 15 Feb 2007 22:31:52 +0100 (CET)
From:	"Indan Zupancic" <indan@....nu>
To:	"David Howells" <dhowells@...hat.com>
Cc:	"Linus Torvalds" <torvalds@...ux-foundation.org>,
	akpm@...ux-foundation.org, herbert.xu@...hat.com,
	linux-kernel@...r.kernel.org, davej@...hat.com,
	arjan@...radead.org, linux-crypto@...r.kernel.org
Subject: Re: [PATCH 0/6] MODSIGN: Kernel module signing

Hello,

On Wed, February 14, 2007 20:40, David Howells wrote:
> Linus Torvalds <torvalds@...ux-foundation.org> wrote:
>
>> >  (1) A cut-down MPI library derived from GPG with error handling added.
>>
>> Do we really need to add this?
>
> I presume you mean the MPI library specifically?  If so, then yes.  It's
> necessary to do DSA signature verification (or RSA for that matter).
>
>> Wouldn't it be much nicer to just teach people to use one of the existing
>> signature things that we need for _other_ cases anyway, and already have
>> merged?
>
> Existing signature things?  I know not of such beasts, nor can I see them
> offhand.

The question is if using DSA/RSA is the right choice for something like this.
I think that the symmetrically encrypted hash output as signature would provide
the same amount of security. The only additional requirement is that the key
can't be read by userspace. But if they can reach the kernel binary, they can
modify it too. Same for the bootloader, where you'd want the key and initial
checking anyway. Else this whole thing could be done in user space as Roman
Zippel said...

The ELF section stuff seems like unnecessary bloat too. Can't you use/extend
modinfo, or kernel symbols?

With the above changes the code should shrink to only a few hundred new lines
of code, instead of thousands, and signature checking will be much faster too.

Greetings,

Indan


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ