| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20140213104429.478b56e8@gandalf.local.home> Date: Thu, 13 Feb 2014 10:44:29 -0500 From: Steven Rostedt <rostedt@...dmis.org> To: fche@...hat.com (Frank Ch. Eigler) Cc: Mathieu Desnoyers <mathieu.desnoyers@...icios.com>, Ingo Molnar <mingo@...nel.org>, linux-kernel@...r.kernel.org, Ingo Molnar <mingo@...hat.com>, Thomas Gleixner <tglx@...utronix.de>, Rusty Russell <rusty@...tcorp.com.au>, David Howells <dhowells@...hat.com>, Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: Re: [RFC PATCH] Fix: module signature vs tracepoints: add new TAINT_UNSIGNED_MODULE On Thu, 13 Feb 2014 10:36:35 -0500 fche@...hat.com (Frank Ch. Eigler) wrote: > > rostedt wrote: > > > [...] > > Oh! You are saying that if the kernel only *supports* signed modules, > > and you load a module that is not signed, it will taint the kernel? > > Yes: this is the default for several distros. > Rusty, Ingo, This looks like a bug to me, as it can affect even in-tree kernel modules. If you have a kernel that supports signed modules, and you modify a module, recompile it, apply it, since it is no longer signed, then it sounds like we just tainted it. Worse yet, we just disabled any tracepoints on that module, which means it is even harder to debug that module (if that's the reason you recompiled it in the first place). -- Steve -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists