Message-ID: <20150715093623.GC5424@dhcp-128-92.nay.redhat.com>
Date:	Wed, 15 Jul 2015 17:36:23 +0800
From:	Dave Young <dyoung@...hat.com>
To:	linux-kernel@...r.kernel.org, kexec@...ts.infradead.org
Cc:	jwboyer@...oraproject.org, tytso@....edu, ptesarik@...e.cz,
	dhowells@...hat.com, ebiederm@...ssion.com, vgoyal@...hat.com
Subject: Re: [PATCH 0/3] kexec: refactor CONFIG_KEXEC/CONFIG_KEXEC_FILE
 Kconfig

On 07/15/15 at 05:16pm, Dave Young wrote:
> On 07/13/15 at 10:13am, Dave Young wrote:
> > Previously Theodore Ts'o brought up an issue about kexec_load syscall bypassing
> > signature verification:
> > https://lkml.org/lkml/2015/6/14/280
> > 
> > Because we have two kexec load syscalls, one kexec_load, another kexec_file_load,
> > the latter one was introduced by Vivek Goyal, it is mainly for supporting UEFI
> > secure boot. kexec_file_load verifies kernel signature, but even with
> > CONFIG_KEXEC_VERIFY_SIG=y and CONFIG_KEXEC_FILE=y, kexec-tools still can use
> > old syscall and bypass signature verification.
> > 
> > KEXEC_FILE can also be used without UEFI, so kexec can always verify kernel
> > signature for security purpose. 
> > 
> > The suggestion in the above thread is to add a new Kconfig option for kexec common
> > code, here I use KEXEC_CORE, KEXEC and KEXEC_FILE select KEXEC_CORE so one can
> > compile only KEXEC_FILE without old kexec_load syscall.
> > 
> > There are checkpatch warnings and errors, I would like to send further cleanup
> > patches after this series. Please let me know if you have other suggestions.
> > checkpatch errors are for cases such as assigning a value to static variables.
> > 
> > PATCH 3/3 can be sorted out from the series if people do not like it. It is a
> > cleanup for a macro.
> 
> Since it is not related to the Kconfig cleanup thus I will drop it in
> next update, will send out as a standalone patch later.
> 
> Also there's a kexec-tools patch needed for testing KEXEC_FILE only, I forgot
> to mention, will take it in cover letter when I repost:

BTW, it is the case below:
kernel: CONFIG_KEXEC_FILE only,
kexec-tools: do not use '-s' option, it should check kexec_load(2) earlier
and fail out. But the code below is still a fix to a code problem.

kexec -s -p works OK without the fix.

> 
> ---
>  kexec/crashdump-elf.c |    9 +++++----
>  1 file changed, 5 insertions(+), 4 deletions(-)
> 
> --- kexec-tools.orig/kexec/crashdump-elf.c
> +++ kexec-tools/kexec/crashdump-elf.c
> @@ -145,11 +145,12 @@ int FUNC(struct kexec_info *info,
>  
>  	count_cpu = nr_cpus;
>  	for (i = 0; count_cpu > 0; i++) {
> -		if (get_note_info(i, &notes_addr, &notes_len) < 0) {
> -			/* This cpu is not present. Skip it. */
> -			continue;
> -		}
> +		int ret;
> +
> +		ret = get_note_info(i, &notes_addr, &notes_len);
>  		count_cpu--;
> +		if (ret < 0) /* This cpu is not present. Skip it. */
> +			continue;
>  
>  		phdr = (PHDR *) bufp;
>  		bufp += sizeof(PHDR);
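Review bot: Moving count_cpu-- above the ret < 0 check, in the loop over i, changes what count_cpu counts: before, it was decremented only for CPUs whose get_note_info() succeeded, now it is decremented for every index, so the loop always ends after nr_cpus iterations. If present CPUs are not numbered contiguously from 0, a present CPU with an index at or above nr_cpus no longer gets a program header. The old form has the opposite problem, which the patch seems aimed at: i grows without bound for as long as get_note_info() keeps failing. Consider keeping the decrement after the check and adding a separate upper limit on i, and state in the changelog which failure this fixes, since the patch carries no description. Minor: int ret; could sit with the other locals at the top of the function rather than inside the loop body.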
> 
> Thanks
> Dave
> 
> 
> 
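A way to check a kernel build for the situation described in the cover letter above, as an added example that is not part of the original message or of the patch series: the script reads a kernel .config and reports whether the unverified kexec_load path is still built next to kexec_file_load. The function names, the verdict words and the sample configs are constructed for this example; the option names are the ones used in the thread.

```shell
#!/bin/sh
# Added example: classify a kernel .config by which kexec load paths exist.
# Verdict words (disabled/bypassable/enforced/unverified) are labels made up
# for this example, not kernel or kexec-tools terminology.

# cfg_on FILE OPTION -> succeeds only when the exact line OPTION=y is in FILE
cfg_on() {
    grep -q "^$2=y\$" "$1"
}

# kexec_sig_posture FILE -> prints one verdict word
kexec_sig_posture() {
    cfg=$1
    if ! cfg_on "$cfg" CONFIG_KEXEC && ! cfg_on "$cfg" CONFIG_KEXEC_FILE; then
        echo disabled        # neither load syscall is built
    elif cfg_on "$cfg" CONFIG_KEXEC; then
        if cfg_on "$cfg" CONFIG_KEXEC_FILE && cfg_on "$cfg" CONFIG_KEXEC_VERIFY_SIG; then
            echo bypassable  # kexec_file_load verifies, kexec_load does not
        else
            echo unverified  # kexec_load is built and nothing checks signatures
        fi
    elif cfg_on "$cfg" CONFIG_KEXEC_VERIFY_SIG; then
        echo enforced        # only kexec_file_load exists and it verifies
    else
        echo unverified      # kexec_file_load only, signature check not built
    fi
}

# Constructed sample configs (not taken from any real system).
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'CONFIG_KEXEC=y\nCONFIG_KEXEC_FILE=y\nCONFIG_KEXEC_VERIFY_SIG=y\n' \
        > "$tmp/both"
    printf '# CONFIG_KEXEC is not set\nCONFIG_KEXEC_CORE=y\nCONFIG_KEXEC_FILE=y\nCONFIG_KEXEC_VERIFY_SIG=y\n' \
        > "$tmp/file_only"
    for f in both file_only; do
        printf '%s: %s\n' "$f" "$(kexec_sig_posture "$tmp/$f")"
    done
    rm -rf "$tmp"
}
demo
```

On a running system the same function can be pointed at the distribution's installed config file for the booted kernel.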