| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CABCJKucGtbZw_DCpnbUr7cQeU+_DF97YTeDVgPX7tTyPwNabog@mail.gmail.com> Date: Fri, 22 Aug 2025 12:36:47 -0700 From: Sami Tolvanen <samitolvanen@...gle.com> To: Jinchao Wang <wangjinchao600@...il.com> Cc: Luis Chamberlain <mcgrof@...nel.org>, Petr Pavlu <petr.pavlu@...e.com>, Daniel Gomez <da.gomez@...nel.org>, linux-modules@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH 1/5] module: Fix module_sig_check() for modules with ignored modversions/vermagic On Fri, Aug 22, 2025 at 5:55 AM Jinchao Wang <wangjinchao600@...il.com> wrote: > > The current signature check logic incorrectly fails modules that have > valid signatures when the caller specifies MODULE_INIT_IGNORE_MODVERSIONS > or MODULE_INIT_IGNORE_VERMAGIC flags. This happens because the code > treats these flags as indicating a "mangled module" and skips signature > verification entirely. > > The key insight is that the intent of the caller (to ignore modversions > or vermagic) should not affect signature verification. A module with > a valid signature should be verified regardless of whether the caller > wants to ignore versioning information. Why would you need to ignore versions when loading signed modules? Here's the original series that added this check and I feel it's very much relevant still: https://lore.kernel.org/lkml/20160423184421.GL3348@decadent.org.uk/ Sami
Powered by blists - more mailing lists