Message-ID: <alpine.LNX.2.00.1501131555510.4162@pobox.suse.cz>
Date:	Tue, 13 Jan 2015 15:57:10 +0100 (CET)
From:	Jiri Kosina <jkosina@...e.cz>
To:	David Howells <dhowells@...hat.com>,
	Rusty Russell <rusty@...tcorp.com.au>,
	Jonathan Corbet <corbet@....net>
cc:	linux-kernel@...r.kernel.org, linux-doc@...r.kernel.org
Subject: [PATCH] MODSIGN: /proc/keys is not unconditionally available

Documentation/module-signing.txt file is referring to /proc/keys file in 
order to view all keys contained in the kernel's keyring. That file is not 
universally available when CONFIG_KEYS is enabled, which is confusing. The 
fact that the option needed for this procfs interface to exist contains 
"_DEBUG_" in its name makes it even more confusing. Document this fact.

Signed-off-by: Jiri Kosina <jkosina@...e.cz>
---
 Documentation/module-signing.txt | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Documentation/module-signing.txt b/Documentation/module-signing.txt
index 09c2382..09be78d 100644
--- a/Documentation/module-signing.txt
+++ b/Documentation/module-signing.txt
@@ -152,6 +152,9 @@ in a keyring called ".system_keyring" that can be seen by:
 	302d2d52 I------     1 perm 1f010000     0     0 asymmetri Fedora kernel signing key: d69a84e6bce3d216b979e9505b3e3ef9a7118079: X509.RSA a7118079 []
 	...
 
+CONFIG_KEYS_DEBUG_PROC_KEYS needs to be enabled for the above procfs interface
+to be available.
+
 Beyond the public key generated specifically for module signing, any file
 placed in the kernel source root directory or the kernel build root directory
 whose name is suffixed with ".x509" will be assumed to be an X.509 public key
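
Review bot: The added sentence in the @@ -152,6 +152,9 @@ hunk says "the above procfs interface" without naming it, and it sits after the sample keyring listing, so a reader whose system lacks the file only finds the explanation after the example output. Naming the path and the dependency explicitly would make the note searchable and unambiguous, for example "/proc/keys is only present when CONFIG_KEYS_DEBUG_PROC_KEYS is enabled in addition to CONFIG_KEYS", ideally placed ahead of the listing that follows "that can be seen by:". The commit message already explains that CONFIG_KEYS alone is not sufficient; the documentation text should carry that point too.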

-- 
Jiri Kosina
SUSE Labs