lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1432039613.29806.75.camel@infradead.org>
Date:	Tue, 19 May 2015 13:46:53 +0100
From:	David Woodhouse <dwmw2@...radead.org>
To:	David Howells <dhowells@...hat.com>
Cc:	Andy Lutomirski <luto@...nel.org>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Michal Marek <mmarek@...e.cz>,
	Abelardo Ricart III <aricart@...nix.com>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Sedat Dilek <sedat.dilek@...il.com>, keyrings@...ux-nfs.org,
	Rusty Russell <rusty@...tcorp.com.au>,
	LSM List <linux-security-module@...r.kernel.org>,
	Borislav Petkov <bp@...en8.de>, Jiri Kosina <jkosina@...e.cz>
Subject: Re: Should we automatically generate a module signing key at all?

On Tue, 2015-05-19 at 09:53 +0100, David Howells wrote:
> 
> Just in Fedora 21:
> 
> warthog>rpm -ql kernel-modules | grep [.]ko | wc -l
> 3604
> warthog>rpm -ql kernel-modules-extra | grep [.]ko | wc -l
> 480
> 
> So that's >4000 modules, each signed with a SHA256 sum (32 bytes).  That's
> more than 125K of unswappable memory.  And it's uncompressible as Dave pointed
> out.  And that doesn't include any metadata to match a module to a digest, but
> rather assumes we just scan through the entire list comparing against each
> SHA256 sum until we find one that matches.

If you *really* wanted to do it, there might be ways round this
explosion of data.

Perhaps the kernel only contains *one* sha256 ― the sha256 of all the
sha256's of all the modules.

Then when one module is loaded, we also have to pass in a table
containing all the other sha256's. The kernel checks the sha256 of what's being loaded, checks it matches what's in the table that was 
also
loaded. And then validates the integrity of that table.

I don't much like that idea, mind you.

-- 
David Woodhouse                            Open Source Technology Centre
David.Woodhouse@...el.com                              Intel Corporation

Download attachment "smime.p7s" of type "application/x-pkcs7-signature" (5691 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ