lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <9620.1359072894@warthog.procyon.org.uk>
Date:	Fri, 25 Jan 2013 00:14:54 +0000
From:	David Howells <dhowells@...hat.com>
To:	Kyle McMartin <kyle@...hat.com>
Cc:	dhowells@...hat.com, linux-kernel@...r.kernel.org,
	rusty@...tcorp.com.au, jstancek@...hat.com,
	Stephan Mueller <stephan.mueller@...ec.com>
Subject: Re: [PATCH] MODSIGN: flag modules that use cryptoapi and only panic if those are unsigned

Kyle McMartin <kyle@...hat.com> wrote:

> After thinking about it a while, this seems like the best way to solve
> the problem, although it does still kind of offend my delicate
> sensibilities...
> 
> Doing this check in the crypto layer seems kind of like a layering
> violation to me (and, to be honest, I think it'd be a gross-hack getting
> from the callee back to the caller module.)
> 
> Instead, doing it in kernel/module.c and looking at the undefined symbol
> list again looks to me like an ordering problem since we're doing the
> signature check before we've even done the elf header check. We'd have
> to move the panic to a part of the module code that may not necessarily
> make sense.
> 
> Whereas checking the undefined symbol list at modpost time is fairly
> logical, and adding a new MODULE_INFO entry in the CONFIG_CRYPTO_FIPS
> case is a well understood thing to do, and should catch all the crypto
> registrations regardless of where they exist in-tree...
> 
> Seems to build and work with both values of CONFIG_CRYPTO_FIPS.
> 
> Thoughts?

You can't rely on someone trying to sneak a dodgy crypto module in to set the
flag when they build it.  The detection thus needs to be done in the kernel
during the module load.

Can you search the module image for "crypto_register_" I wonder?  If that's
there, it's a crypto module.

David
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ