lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 31 Jul 2016 21:44:50 -0400
From:	Linus Torvalds <torvalds@...ux-foundation.org>
To:	Rusty Russell <rusty@...tcorp.com.au>
Cc:	lkml <linux-kernel@...r.kernel.org>,
	Ben Hutchings <ben@...adent.org.uk>,
	Jessica Yu <jeyu@...hat.com>, Jiri Kosina <jkosina@...e.cz>,
	Kees Cook <keescook@...omium.org>,
	Libor Pechacek <lpechacek@...e.com>,
	Paul Gortmaker <paul.gortmaker@...driver.com>,
	Prarit Bhargava <prarit@...hat.com>,
	Steven Rostedt <rostedt@...dmis.org>
Subject: Re: [PULL] modules-next

So this feels wrong to me, can you guys please explain:

On Sun, Jul 31, 2016 at 9:02 PM, Rusty Russell <rusty@...tcorp.com.au> wrote:
>
> Ben Hutchings (3):
>       module: Invalidate signatures on force-loaded modules
>       module: Disable MODULE_FORCE_LOAD when MODULE_SIG_FORCE is enabled

forcing a load and SIG_FORCE are entirely independent issues, afaik. I
think requiring signed modules is just a good idea. But that doesn't
necessarily mean that you don't have a signed module that is signed
with a key you trust, but you still want to force-load it for the
wrong kernel version (ie maybe you have a binary-only module from your
IT department (and your IT department is evil,but at least they sign
it to show that the module is trust-worthy as coming from them, even
if they have some dubious behavior), but you did some kernel updates
that still allow the module to work but the version doesn't match any
more).

Am I missing something? What's the connection between
MODULE_FORCE_LOAD and MODULE_SIG_FORCE? Because it smells like they
are independent and that the above changes are very very dubious.

I didn't actually pull the tree, I just reacted to the pull request itself.

             Linus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ