lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20200730141232.GA31539@linux-8ccs>
Date:   Thu, 30 Jul 2020 16:12:32 +0200
From:   Jessica Yu <jeyu@...nel.org>
To:     Christoph Hellwig <hch@....de>
Cc:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        open list <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 8/8] modules: inherit TAINT_PROPRIETARY_MODULE

+++ Christoph Hellwig [30/07/20 08:10 +0200]:
>If a TAINT_PROPRIETARY_MODULE exports symbol, inherit the taint flag
>for all modules importing these symbols, and don't allow loading
>symbols from TAINT_PROPRIETARY_MODULE modules if the module previously
>imported gplonly symbols.  Add a anti-circumvention devices so people
>don't accidentally get themselves into trouble this way.
>
>Comment from Greg:
> Ah, the proven-to-be-illegal "GPL Condom" defense :)
>
>Signed-off-by: Christoph Hellwig <hch@....de>
>Reviewed-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
>---
> include/linux/module.h |  1 +
> kernel/module.c        | 12 ++++++++++++
> 2 files changed, 13 insertions(+)
>
>diff --git a/include/linux/module.h b/include/linux/module.h
>index 30b0f5fcdb3c37..e30ed5fa33a738 100644
>--- a/include/linux/module.h
>+++ b/include/linux/module.h
>@@ -389,6 +389,7 @@ struct module {
> 	unsigned int num_gpl_syms;
> 	const struct kernel_symbol *gpl_syms;
> 	const s32 *gpl_crcs;
>+	bool using_gplonly_symbols;
>
> #ifdef CONFIG_UNUSED_SYMBOLS
> 	/* unused exported symbols. */
>diff --git a/kernel/module.c b/kernel/module.c
>index afb2bfdd5134b3..04f993863ae417 100644
>--- a/kernel/module.c
>+++ b/kernel/module.c
>@@ -1456,6 +1456,18 @@ static const struct kernel_symbol *resolve_symbol(struct module *mod,
> 	if (!sym)
> 		goto unlock;
>
>+	if (license == GPL_ONLY)
>+		mod->using_gplonly_symbols = true;
>+
>+	if (owner && test_bit(TAINT_PROPRIETARY_MODULE, &owner->taints)) {
>+		if (mod->using_gplonly_symbols) {
>+			sym = NULL;
>+			goto getname;
>+		}
>+		add_taint_module(mod, TAINT_PROPRIETARY_MODULE,
>+				 LOCKDEP_NOW_UNRELIABLE);
>+	}

Sorry that I didn't think of this yesterday, but I'm wondering if we
should print a warning before add_taint_module(). Maybe something
along the lines of, "%s: module uses symbols from proprietary module
%s, inheriting taint.", with %s being mod->name, owner->name. We can
check mod->taints for TAINT_PROPRIETARY_MODULE and print the warning once.

Additionally, maybe it's a good idea to print an error before goto
getname (e.g., "%s: module using GPL-only symbols uses symbols from
proprietary module %s."), so one would know why the module load
failed, right now this manifests itself as an unknown symbol error.

Otherwise, this patchset looks good to me and I agree with it in
principle. Thanks Christoph!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ