lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20200206164226.24875-1-eric.snowberg@oracle.com>
Date:   Thu,  6 Feb 2020 11:42:24 -0500
From:   Eric Snowberg <eric.snowberg@...cle.com>
To:     zohar@...ux.ibm.com, dmitry.kasatkin@...il.com, jmorris@...ei.org,
        serge@...lyn.com
Cc:     dhowells@...hat.com, geert@...ux-m68k.org,
        gregkh@...uxfoundation.org, nayna@...ux.ibm.com,
        eric.snowberg@...cle.com, tglx@...utronix.de,
        bauerman@...ux.ibm.com, mpe@...erman.id.au,
        linux-integrity@...r.kernel.org,
        linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [RFC PATCH 0/2] ima: uncompressed module appraisal support

When booting with either "ima_policy=secure_boot module.sig_enforce=1"
or building a kernel with CONFIG_IMA_ARCH_POLICY and booting with
"ima_policy=secure_boot", module loading behaves differently based on if
the module is compressed or not.  Originally when appraising a module
with ima it had to be uncompressed and ima signed.  Recent changes in 5.4 
have allowed internally signed modules to load [1].  But this only works 
if the internally signed module is compressed.  The uncompressed module
that is internally signed must still be ima signed. This patch series
tries to bring the two in line.

I'm sending this as an RFC in case this was done intentionally.  Or
maybe there is another way around this problem?  I also realize the 
uncompressed module will be verified again with module_sig_check.  I'm 
open to suggestions on improvement if this is seen as a problem.

[1] https://patchwork.kernel.org/cover/10986023

Eric Snowberg (2):
  ima: Implement support for uncompressed module appended signatures
  ima: Change default secure_boot policy to include appended signatures

 security/integrity/digsig.c           | 9 +++++++--
 security/integrity/ima/ima_appraise.c | 3 +++
 security/integrity/ima/ima_policy.c   | 4 ++--
 security/integrity/integrity.h        | 3 ++-
 4 files changed, 14 insertions(+), 5 deletions(-)

-- 
2.18.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ