lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <c32eea69-b822-49fc-a078-1f1b2dea124d@canonical.com>
Date: Fri, 4 Oct 2024 21:06:39 -0700
From: John Johansen <john.johansen@...onical.com>
To: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>,
 Paul Moore <paul@...l-moore.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
 Jonathan Corbet <corbet@....net>, LKML <linux-kernel@...r.kernel.org>,
 linux-security-module@...r.kernel.org
Subject: Re: [GIT PULL] tomoyo update for v6.12

On 10/3/24 05:59, Tetsuo Handa wrote:
> On 2024/10/03 15:16, Tetsuo Handa wrote:
>>>> TOMOYO is one of in-tree modules that can be signed together when building
>>>> distribution kernels. Fedora can provide tomoyo.ko as a signed-but-unsupported
>>>> module (i.e. excluded from main kernel package that is supported by
>>>> distributors but provided as a separate package that is not supported by
>>>> distributors).
>>>>
>>> yes it can, it has chosen not to. As I have said before that is
>>> a choice/political reason, not technical. I wish I had a solution to this
>>> problem for you but I don't.
>>
>> What does "it" referring to? Fedora has chosen not to build TOMOYO into Fedora's
>> vmlinux. But I haven't heard from Fedora that Fedora won't ship tomoyo.ko as a
>> separate package.
> 
> Currently, a Linux distributor is an entity that provides kernel program and
> userspace program. But as the kernel code signing getting more important,
> the role of a Linux distributor regarding the kernel program might change as
> below?
> 
> Currently, people expect that "distributor takes care of handling all bugs
> that happens with kernel code built by that distributor". Due to bandwidth
> problem, distributor needs to disable kernel code which that distributor cannot
> take care of bugs. My understanding is that some distributors started providing
> separated kernel packages; the kernel package which that distributor can take
> care of bugs and the kernel package which that distributor cannot take care of
> bugs. The tomoyo.ko change is intended for being included in the latter package
> if that distributor cannot include in the former package.
> 
honestly its easier to just build a separate kernel package with tomoyo builtin.
Module packages can be done, but they are a pita.

> Since distributor needs to sign kernel code, I think this separation is becoming
> more inevitable. That is, people might need to change their expectation to that
> "distributor takes care of handling bugs that happens with kernel code in the
> former package, and somebody takes care of handling bugs that happens with kernel
> code in the latter package", and distributor's role is to compile as many kernel
> code as possible and sign all compiled kernel code so that the kernel code is
> compiled and shipped (and not tampered) by known entities; something like SSL
> certificates providers.
> 
Sure. Distribution already tell users they aren't using supported stuff. Ubuntu
builds in selinux, tomoyo, smack. We get a bug we tell them it is community
supported.

That has some overhead, but really not that much more than responding to the
bugs where users ask for feature X to be enabled. Or how to build a kernel with
feature X, ...

Ubuntu made a different decision than fedora around how best to support users.
I am not going to argue its right or wrong, just different. Again getting a
distro to change a config/stance is a political problem, not technical.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ