| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 7 Feb 2013 12:05:43 -0500
From: Vivek Goyal <vgoyal@...hat.com>
To: Dmitry Kasatkin <dmitry.kasatkin@...el.com>
Cc: linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [RFC 2/2] initramfs with digital signature protection
On Tue, Feb 05, 2013 at 02:34:50PM +0200, Dmitry Kasatkin wrote:
[..]
> +static int __init load_initramfs(void)
> +{
> + static char *argv[] = { "pre-init", NULL, };
> + extern char *envp_init[];
> + int err;
> +
> + /*
> + * In case that a resume from disk is carried out by linuxrc or one of
> + * its children, we need to tell the freezer not to wait for us.
> + */
> + current->flags |= PF_FREEZER_SKIP;
> +
> + err = call_usermodehelper_fns("/pre-init", argv, envp_init,
> + UMH_WAIT_PROC, init_init, init_cleanup,
> + NULL);
> +
> + current->flags &= ~PF_FREEZER_SKIP;
> +
> + pr_info("initramfs_sig /pre-init completed: %d\n", err);
> +
Dmitry,
How do we make sure that this is the first call to user mode helpers. I
see that we first unpacked unsigned initramfs. Then after a while we
unpacked signed initramfs on /root and did a chroot. But now there is
a window before chroot, where kernel might call into /sbin/hotplug or
/sbin/modprobe from unsigned initramfs?
Specifically, I put some printk and I am seeing calls to /sbin/hotplug
before we even unpacked signed initramfs.
Thanks
Vivek
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists