Re: [PATCH 00/23] Crypto keys and module signing
From: Mimi Zohar
Date: Mon Jun 04 2012 - 08:49:08 EST

On Mon, 2012-06-04 at 11:01 +0930, Rusty Russell wrote:
> On Fri, 25 May 2012 16:42:19 +0100, David Howells <dhowells@xxxxxxxxxx> wrote:
> >
> > Hi Rusty,
> >
> > If you prefer to have userspace extract the module signature and pass it in
> > uargs, here's a tree that will do that:
> >
> > http://git.kernel.org/?p=linux/kernel/git/dhowells/linux-modsign.git;a=shortlog;h=refs/heads/modsign-uarg
>
> OK, there's merit in this approach: it certainly moves the argument
> about how to encode the signature out of my backyard :)
>
> Should we just bite the bullet and create a new syscall:
>
> 	SYSCALL_DEFINE5(init_module2, void __user *, umod,
> 			unsigned long, len, const char __user *, uargs,
> 			unsigned int, siglen, const char __user *, sig)
>
> But I'm easily swayed if you prefer the current approach.
>
> Thanks,
> Rusty.

If you're really considering creating a new syscall, then perhaps this
discussion should include passing the file descriptor instead of a
buffer and signature. As I said (https://lkml.org/lkml/2012/5/25/261), I
don't know the historical reasons for passing a buffer instead of the
file descriptor itself. If the file descriptor was passed, it would
allow IMA-appraisal, which is in the process of being upstreamed, to
verify and enforce file data and metadata integrity like on the other
hooks open, execve, and mmap.

thanks,
Mimi