| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <67abc3a2-80c9-7223-37c2-e15bbecdcd00@infradead.org>
Date: Mon, 5 Mar 2018 18:13:19 -0800
From: Randy Dunlap <rdunlap@...radead.org>
To: Alexei Starovoitov <ast@...nel.org>, davem@...emloft.net
Cc: daniel@...earbox.net, torvalds@...ux-foundation.org,
gregkh@...uxfoundation.org, mcgrof@...nel.org,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
kernel-team@...com, linux-api@...r.kernel.org
Subject: Re: [PATCH net-next] modules: allow modprobe load regular elf
binaries
Hi,
On 03/05/2018 05:34 PM, Alexei Starovoitov wrote:
> diff --git a/kernel/module.c b/kernel/module.c
> index ad2d420024f6..6cfa35795741 100644
> --- a/kernel/module.c
> +++ b/kernel/module.c
> @@ -3669,6 +3683,17 @@ static int load_module(struct load_info *info, const char __user *uargs,
> if (err)
> goto free_copy;
>
> + if (info->hdr->e_type == ET_EXEC) {
> +#ifdef CONFIG_MODULE_SIG
> + if (!info->sig_ok) {
> + pr_notice_once("umh %s verification failed: signature and/or required key missing - tainting kernel\n",
That's not a very friendly message to tell a user. "umh" eh?
> + info->file->f_path.dentry->d_name.name);
> + add_taint(TAINT_UNSIGNED_MODULE, LOCKDEP_STILL_OK);
> + }
And since the signature failed, why is it being loaded at all?
Is this in the "--force" load path?
> +#endif
> + return 0;
> + }
> +
> /* Figure out module layout, and allocate all the memory. */
> mod = layout_and_allocate(info, flags);
> if (IS_ERR(mod)) {
thanks,
--
~Randy
Powered by blists - more mailing lists