lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 8 May 2015 14:11:37 +0300
From:	Andrey Skvortsov <andrej.skvortzov@...il.com>
To:	Michal Marek <mmarek@...e.cz>
Cc:	maximilian attems <max@...o.at>,
	Ben Hutchings <ben@...adent.org.uk>,
	linux-kbuild@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] builddeb: fix stripped module signatures if
 CONFIG_DEBUG_INFO and CONFIG_MODULE_SIG_ALL are set

On 06 May, Michal Marek wrote:
> On 2015-05-04 17:37, Andrey Skvortsov wrote:
> > On 22 Apr, maximilian attems wrote:
> >> On Tue, Apr 21, 2015 at 03:58:48PM +0200, Michal Marek wrote:
> >>> (added Max to Cc)
> >>>
> >>> On 2015-03-16 09:20, Andrey Skvortsov wrote:
> >>>> If CONFIG_MODULE_SIG_ALL is set, then user expects that all modules are
> >>>> automatically signed in the result package, as it's for rpm-pkg, binrpm-pkg,
> >>>> tar, tar-*. For deb-pkg this is correct only if CONFIG_DEBUG_INFO
> >>>> is NOT set. In that case deb-package contains signed modules.
> >>>>
> >>>> But if CONFIG_DEBUG_INFO is set, builddeb creates separate package with
> >>>> debug information. To do that, debug information from all modules
> >>>> is copied into separate files by objcopy. And loadable kernel modules are
> >>>> stripped afterwards. Stripping removes previously (during modules_install)
> >>>> added signatures from loadable kernel modules. Therefore final deb-package
> >>>> contains unsigned modules despite of set option CONFIG_MODULE_SIG_ALL.
> >>>>
> >>>> This patch resigns all stripped modules if CONFIG_MODULE_SIG_ALL is set
> >>>> to solve this problem.
> >>>>
> >>>> Signed-off-by: Andrey Skvortsov <andrej.skvortzov@...il.com>
> >>>
> >>> Max, Ben, are you fine with this patch? It looks OK to me, the
> >>> modules_sign target has been added for this very purpose.
> >>>
> >>
> >> Ben seems busy with the release, so jumping in. The patch looks
> >> perfect to me.
> >>
> >> Acked-by: maximilian attems <max@...o.at>
> >>
> > Maximilian, thanks for the review.
> > 
> > Michal, are we waiting for Ben's acknowledge too?
> 
> I applied the patch to kbuild.git#misc now, after fixing the whitespace.
> Andrey, please use tabs for indentation, especially when the surrounding
> code is already using this style.

Thanks, Michal.

Sorry about whitespaces. I checked the patch with
checkpatch.pl before posting and it did not complain. I'll pay more
attention to patches for non-[ch] files.

-- 
Best regards,
Andrey Skvortsov

Secure eMail with gnupg: See http://www.gnupg.org/
PGP Key ID: 0x57A3AEAD

Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)

Powered by blists - more mailing lists