Message-ID: <87vcb3z1it.fsf@rustcorp.com.au>
Date: Sat, 12 Jan 2013 11:00:02 +1030
From: Rusty Russell <rusty@...tcorp.com.au>
To: Josh Boyer <jwboyer@...il.com>, Chris Samuel <chris@...muel.org>
Cc: linux-kernel@...r.kernel.org, dhowells@...hat.com
Subject: Re: [PATCH] MODSIGN: Warn when sign check fails due to -ENOKEY

Josh Boyer <jwboyer@...il.com> writes:

> On Fri, Jan 11, 2013 at 4:44 AM, Chris Samuel <chris@...muel.org> wrote:
>> /* Please CC me in responses, I am not subscribed to LKML */
>>
>> Currently if a signature check fails on module load due to not having
>> the appropriate key (-ENOKEY) and we are not doing strict checking
>> there is no information provided to the user other than the lock debug
>> taint warning:
>>
>> Disabling lock debugging due to kernel taint
>>
>> This patch causes a single warning to be emitted to explain why the
>> kernel is being tainted, before the above taint warning occurs.
>>
>> Module verification failed, required key not present, tainting kernel
>>
>> Found whilst trying to work out why all the 3.8 development kernels
>> I was building and testing were warning about taints and why all modules
>> were listed as forced load (F) in /proc/modules when that wasn't the
>> case in the 3.5, 3.6 or 3.7 kernels I'd tried.
>>
>> Signed-off-by: Christopher Samuel <chris@...muel.org>
>> ---
>> kernel/module.c | 4 +++-
>> 1 file changed, 3 insertions(+), 1 deletion(-)
>>
>> diff --git a/kernel/module.c b/kernel/module.c
>> index 250092c..27de534 100644
>> --- a/kernel/module.c
>> +++ b/kernel/module.c
>> @@ -2443,8 +2443,10 @@ static int module_sig_check(struct load_info *info)
>> if (err < 0 && fips_enabled)
>> panic("Module verification failed with error %d in FIPS
>> mode\n",
>> err);
>> - if (err == -ENOKEY && !sig_enforce)
>> + if (err == -ENOKEY && !sig_enforce) {
>> + printk_once(KERN_DEBUG "Module verification failed, required
>> key not present, tainting kernel\n");
>> err = 0;
>> + }
>> return err;
>
> I'd suggest putting the printk in load_module where we call the
> add_taint_module function instead. Also, you might want to make the
> priority a bit higher if it's meant to be informative. Something like
> KERN_INFO.

Agreed. KERN_NOTICE, I think: we really want to see if someone's
inserting an unsigned module!

Cheers,
Rusty.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
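Review bot: KERN_DEBUG is the wrong priority for the printk_once added in the `err == -ENOKEY && !sig_enforce` branch: a message meant to explain why the kernel was tainted is dropped at the default console loglevel, so the "single warning" the commit message promises is invisible on a stock configuration, and KERN_NOTICE as agreed downthread is the right level. Because the taint is applied per module where load_module calls add_taint_module, the message belongs beside that call and should be emitted for each affected module, naming it, rather than via printk_once, which leaves every unsigned module after the first loading silently and gives an operator no record of it. Separately, the patch as quoted has been line-wrapped by the mailer (the string literal is split across `printk_once(KERN_DEBUG "Module verification failed, required` and `key not present, tainting kernel\n");`, and the panic() call is likewise broken over three lines), so it will not apply as posted and needs resending without wrapping.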