| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 28 Jul 2015 10:12:21 +0100
From: David Woodhouse <dwmw2@...radead.org>
To: David Howells <dhowells@...hat.com>,
Andy Lutomirski <luto@...nel.org>
Cc: jmorris@...ei.org, mcgrof@...il.com, keyrings@...ux-nfs.org,
linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org
Subject: Re: [GIT PULL] MODSIGN: Use PKCS#7 for module signatures
On Mon, 2015-07-27 at 23:43 +0100, David Howells wrote:
>
> PKCS#7: Require authenticated attributes
>
> Require there to be authenticated attributes in the PKCS#7/CMS message so
> that an attacker can't drop them to provide greater opportunity for
> manipulating the message.
There doesn't seem to be a lot of point in this part. If the
authenticated attribute isn't being *checked*, then the attacker
doesn't need to drop it at all. There's no point in merely requiring
its *existence*.
As part of the firmware signatures, if we are asked to check the
filename then yes we should require it to be present *and* match. But
if we aren't checking (which we can't for modules since we don't know
what's being loaded), why require it to be present at all?
--
David Woodhouse Open Source Technology Centre
David.Woodhouse@...el.com Intel Corporation
Download attachment "smime.p7s" of type "application/x-pkcs7-signature" (5691 bytes)
Powered by blists - more mailing lists