lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20160423184421.GL3348@decadent.org.uk>
Date:	Sat, 23 Apr 2016 19:44:21 +0100
From:	Ben Hutchings <ben@...adent.org.uk>
To:	Rusty Russell <rusty@...tcorp.com.au>
Cc:	David Howells <dhowells@...hat.com>,
	David Woodhouse <dwmw2@...radead.org>,
	keyrings@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH 0/3] Module signing and version info

If a module signing key is used for multiple kernel builds, it is
critical that the modules for each build can be distinguished.
This series makes force-loading invalidate module signatures and
documents the importance of module version info when reusing a key
for multiple builds.

Ben.

Ben Hutchings (3):
  module: Invalidate signatures on force-loaded modules
  Documentation/module-signing.txt: Note need for version info if
    reusing a key
  module: Disable MODULE_FORCE_LOAD when MODULE_SIG_FORCE is enabled

 Documentation/module-signing.txt |  6 ++++++
 init/Kconfig                     |  1 +
 kernel/module.c                  | 13 +++++++++----
 3 files changed, 16 insertions(+), 4 deletions(-)


Download attachment "signature.asc" of type "application/pgp-signature" (812 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ