lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 15 Jul 2015 17:16:07 +0800
From:	Dave Young <dyoung@...hat.com>
To:	linux-kernel@...r.kernel.org, kexec@...ts.infradead.org
Cc:	jwboyer@...oraproject.org, tytso@....edu, ptesarik@...e.cz,
	dhowells@...hat.com, ebiederm@...ssion.com, vgoyal@...hat.com
Subject: Re: [PATCH 0/3] kexec: refactor CONFIG_KEXEC/CONFIG_KEXEC_FILE
 Kconfig

On 07/13/15 at 10:13am, Dave Young wrote:
> Previously Theodore Ts'o brought up an issue about kexec_load syscall bypassing
> signature verification:
> https://lkml.org/lkml/2015/6/14/280
> 
> Because we have two kexec load syscall, one kexec_load, another kexec_file_load,
> the latter one was introduced by Vivek Goyal, it is mainly for supporting UEFI
> secure boot. kexec_file_load verifies kernel signature, but even if with
> CONFIG_KEXEC_VERIFY_SIG=y and CONFIG_KEXEC_FILE=y, kexec-tools still can use
> old syscall and bypass signature verification.
> 
> KEXEC_FILE can also be used without UEFI, so kexec can always verify kernel
> signature for security purpose. 
> 
> The suggestion in above thread is add a new Kconfig option for kexec common
> code, here I use KEXEC_CORE, KEXEC and KEXEC_FILE select KEXEC_CORE so one can
> compile only KEXEC_FILE without old kexec_load syscall.
> 
> There's checkpatch warnings and errors, I would like to send furthuer cleanup
> patches after this series. Please let me know if you have other suggestions.
> checkpatch errors are for cases such as assign a value to static variables.
> 
> PATCH 3/3 can be sort out from the series if people do not like. It is a
> cleanup for a macro.

Since it is not related to the Kconfig cleanup thus I will drop it in
next update, will send out as a standalone patch later.

Also there's a kexec-tools patch needed for testing KEXEC_FILE only, I forgot
to mention, will take it in cover letter when I repost:

---
 kexec/crashdump-elf.c |    9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

--- kexec-tools.orig/kexec/crashdump-elf.c
+++ kexec-tools/kexec/crashdump-elf.c
@@ -145,11 +145,12 @@ int FUNC(struct kexec_info *info,
 
 	count_cpu = nr_cpus;
 	for (i = 0; count_cpu > 0; i++) {
-		if (get_note_info(i, &notes_addr, &notes_len) < 0) {
-			/* This cpu is not present. Skip it. */
-			continue;
-		}
+		int ret;
+
+		ret = get_note_info(i, &notes_addr, &notes_len);
 		count_cpu--;
+		if (ret < 0) /* This cpu is not present. Skip it. */
+			continue;
 
 		phdr = (PHDR *) bufp;
 		bufp += sizeof(PHDR);

Thanks
Dave
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ