lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20160423184514.GO3348@decadent.org.uk>
Date:	Sat, 23 Apr 2016 19:45:15 +0100
From:	Ben Hutchings <ben@...adent.org.uk>
To:	Rusty Russell <rusty@...tcorp.com.au>
Cc:	David Howells <dhowells@...hat.com>,
	David Woodhouse <dwmw2@...radead.org>,
	keyrings@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH 3/3] module: Disable MODULE_FORCE_LOAD when MODULE_SIG_FORCE
 is enabled

Force-loading now fails if signature enforcement is enabled, so if
signature enforcement is statically enabled then we may as well
disable it completely.

Signed-off-by: Ben Hutchings <ben@...adent.org.uk>
---
 init/Kconfig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/init/Kconfig b/init/Kconfig
index e0d26162432e..269533088a1b 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1853,6 +1853,7 @@ if MODULES
 config MODULE_FORCE_LOAD
 	bool "Forced module loading"
 	default n
+	depends on !MODULE_SIG_FORCE
 	help
 	  Allow loading of modules without version information (ie. modprobe
 	  --force).  Forced module loading sets the 'F' (forced) taint flag and

Download attachment "signature.asc" of type "application/pgp-signature" (812 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ