lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 28 Apr 2020 13:05:23 +0800
From:   Tianjia Zhang <tianjia.zhang@...ux.alibaba.com>
To:     jeyu@...nel.org, corbet@....net, rdunlap@...radead.org,
        mchehab+samsung@...nel.org, tglx@...utronix.de,
        akpm@...ux-foundation.org, gregkh@...uxfoundation.org,
        pawan.kumar.gupta@...ux.intel.com, jgross@...e.com
Cc:     linux-kernel@...r.kernel.org, linux-doc@...r.kernel.org,
        tianjia.zhang@...ux.alibaba.com
Subject: [PATCH v2] module: Allow to disable modsign in kernel cmdline

This option allows to disable modsign completely at the beginning,
and turn off by set the kernel cmdline `no_modsig_enforce` when
`CONFIG_MODULE_SIG_FORCE` is enabled.

Yet another change allows to always show the current status of
modsign through `/sys/module/module/parameters/sig_enforce`.

Signed-off-by: Jia Zhang <zhang.jia@...ux.alibaba.com>
Signed-off-by: Tianjia Zhang <tianjia.zhang@...ux.alibaba.com>
---
 Documentation/admin-guide/kernel-parameters.txt | 6 ++++++
 kernel/module.c                                 | 8 ++++++++
 2 files changed, 14 insertions(+)

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 7bc83f3d9bdf..00ed7566959f 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -3190,6 +3190,12 @@
 	noirqdebug	[X86-32] Disables the code which attempts to detect and
 			disable unhandled interrupt sources.
 
+	no_modsig_enforce
+			[KNL] When CONFIG_MODULE_SIG_FORCE is set, this option
+			allows to disable modsign completely at the beginning.
+			This means that modules without (valid) signatures will
+			success to load.
+
 	no_timer_check	[X86,APIC] Disables the code which tests for
 			broken timer IRQ sources.
 
diff --git a/kernel/module.c b/kernel/module.c
index 646f1e2330d2..0e68e1286377 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -269,6 +269,14 @@ static void module_assert_mutex_or_preempt(void)
 
 static bool sig_enforce = IS_ENABLED(CONFIG_MODULE_SIG_FORCE);
 module_param(sig_enforce, bool_enable_only, 0644);
+#ifdef CONFIG_MODULE_SIG_FORCE
+static int __init set_no_modsig_enforce(char *str)
+{
+	sig_enforce = false;
+	return 1;
+}
+__setup("no_modsig_enforce", set_no_modsig_enforce);
+#endif /* !CONFIG_MODULE_SIG_FORCE */
 
 /*
  * Export sig_enforce kernel cmdline parameter to allow other subsystems rely
-- 
2.17.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ