Message-ID: <20200218125748.5085929c@gandalf.local.home>
Date:   Tue, 18 Feb 2020 12:57:48 -0500
From:   Steven Rostedt <rostedt@...dmis.org>
To:     Borislav Petkov <bp@...en8.de>
Cc:     Masami Hiramatsu <mhiramat@...nel.org>,
        linux-kernel@...r.kernel.org, Ingo Molnar <mingo@...nel.org>,
        Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: [for-next][PATCH 04/26] bootconfig: Add Extra Boot Config
 support

On Tue, 18 Feb 2020 14:27:24 +0100
Borislav Petkov <bp@...en8.de> wrote:

> Btw, if you remove the boot config with the tool (-d) and still boot
> with "bootconfig" it says:
> 
> [    0.043958] bootconfig size -23483140 greater than max size 32767

I was aware of this but after you reported this, I don't like it.

Masami,

Can you add code to insert "magic" text at the start of the bootconfig
appended to the initrd file? Perhaps just have "BOOTCONFIG", and then
if it's not there we warn "bootconfig on command line but not found in
the initrd". I'm starting to not like relying on the size and checksum
only to determine if the bootconfig exists. We need to get this patch
before 5.6 is released.

> 
> so you need to check presence of bootconfig blob and limits in the
> parsing code too or so.
> 
> In any case, this is only my opinion, of course, and I might very well
> be missing something.

OK, what if we put it as default 'n' but we still check if "bootconfig"
is on the command line. And if it is, we warn with something like:

#ifndef CONFIG_BOOTCONFIG
	pr_err("WARNING: 'bootconfig' found on the kernel command line but CONFIG_BOOTCONFIG is not set in this kernel\n");
#endif

-- Steve
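
The presence check asked for in this message, as an added example that is not part of the original mail or the kernel's code: it requires the proposed "BOOTCONFIG" magic before trusting the trailing size and checksum, so a bare initrd is reported as "not found" instead of yielding a garbage size. The trailer layout, little-endian encoding, byte-sum checksum, and the names `find_bootconfig` and `probe_sample` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define XBC_MAGIC     "BOOTCONFIG"  /* magic text proposed in the mail */
#define XBC_MAGIC_LEN 10
#define XBC_MAX_SIZE  32767u        /* "max size 32767" from the quoted log */
enum xbc_status { XBC_OK, XBC_NOT_FOUND, XBC_BAD_CHECKSUM };

static uint32_t le32(const unsigned char *p)  /* assumed trailer encoding */
{
	return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Assumed layout: [initrd][magic + text][size][checksum], size = magic + text. */
enum xbc_status find_bootconfig(const unsigned char *img, size_t len,
				const unsigned char **cfg, size_t *cfg_len)
{
	uint32_t size, want, sum = 0, i;
	const unsigned char *blob;
	if (len < 8)
		return XBC_NOT_FOUND;
	size = le32(img + len - 8);  /* unsigned, so garbage cannot go negative */
	want = le32(img + len - 4);
	if (size < XBC_MAGIC_LEN || size > XBC_MAX_SIZE || size > len - 8)
		return XBC_NOT_FOUND;  /* implausible size: treat as no bootconfig */
	blob = img + len - 8 - size;
	if (memcmp(blob, XBC_MAGIC, XBC_MAGIC_LEN) != 0)
		return XBC_NOT_FOUND;  /* no magic: nothing was appended */
	for (i = 0; i < size; i++)   /* assumed checksum: plain byte sum */
		sum += blob[i];
	if (sum != want)
		return XBC_BAD_CHECKSUM;  /* blob is present but damaged */
	*cfg = blob + XBC_MAGIC_LEN;
	*cfg_len = size - XBC_MAGIC_LEN;
	return XBC_OK;
}

/* Constructed samples: 0 = bare initrd, 1 = valid blob, 2 = one byte flipped. */
enum xbc_status probe_sample(int mode)
{
	unsigned char img[] = "constructed-initrd-bytes" "BOOTCONFIGkey = value\n"
			      "\x16\0\0\0" "\xd7\x06\0\0";  /* size 22, sum 1751 */
	const unsigned char *cfg;
	size_t cfg_len;
	if (mode == 2)
		img[36] ^= 1;  /* damage one byte of the config text */
	return find_bootconfig(img, mode ? sizeof(img) - 1 : 24, &cfg, &cfg_len);
}
```

With the magic in place, the caller can tell "no bootconfig attached" apart from "bootconfig attached but corrupt" and word its warning accordingly.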
