lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20180327221137.d7fhboicw2wi3a52@redbean>
Date:   Wed, 28 Mar 2018 00:11:37 +0200
From:   Jessica Yu <jeyu@...nel.org>
To:     Jia Zhang <zhang.jia@...ux.alibaba.com>
Cc:     Rusty Russell <rusty@...tcorp.com.au>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3 0/3][RESEND] modsign enhancement

+++ Jia Zhang [24/03/18 10:59 +0800]:
>This patch series allows to disable module validity enforcement
>in runtime through the control switch located in securityfs.
>
>In order to keep /sys/module/module/parameters/sig_enforce simple,
>the disablement switch is located at
>/sys/kernel/security/modsign/disable_enforce.
>
>Assuming CONFIG_MODULE_SIG_FORCE=n, here are the instructions to
>test this control switch.
>
># cat /sys/module/module/parameters/sig_enforce
>N
># echo 1 > /sys/module/module/parameters/sig_enforce
># cat /sys/module/module/parameters/sig_enforce
>Y
># echo -n 0 > no_sig_enforce
># openssl smime -sign -nocerts -noattr -binary -in no_sig_enforce \
>    -inkey <system_trusted_key> -signer <cert> -outform der \
>    -out /sys/kernel/security/modsign/disable_enforce
># cat /sys/module/module/parameters/sig_enforce
>N

I'm not convinced we need this. And neither the use case nor the
motivation is explained in the cover letter :-(

The way I see it - the only time you'd actually use this is in the
situation where you have *already* enabled sig_enforce, and then later
you change your mind - meaning you wanted to load unsigned modules
after all. And if you ever plan on loading unsigned modules, why would
you have enabled sig_enforce in the first place? If you want to keep
the option of loading unsigned modules, don't have sig_enforce or
CONFIG_MODULE_SIG_FORCE enabled.

[ CC'd Rusty in case he has some thoughts on this ]

Jessica

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ