From: Rusty Russell <rusty@rustcorp.com.au>
To: Matthew Garrett <mjg59@google.com>
Cc: linux-kernel@vger.kernel.org, jeyu@kernel.org
Subject: Re: [PATCH] Allow automatic kernel taint on unsigned module load to be disabled
Date: Mon, 07 Aug 2017 12:19:28 +0930 [thread overview]
Message-ID: <8760e0xfbb.fsf@rustcorp.com.au> (raw)
In-Reply-To: <CACdnJutPrDvYtssnc=yVvWa_4oTRvigUhK+5J8s941oAoJDT6Q@mail.gmail.com>
Matthew Garrett <mjg59@google.com> writes:
> On Sat, Aug 5, 2017 at 11:54 PM, Rusty Russell <rusty@rustcorp.com.au> wrote:
>> Matthew Garrett <mjg59@google.com> writes:
>>> Distributions may wish to provide kernels that permit loading of
>>> unsigned modules based on certain policy decisions.
>>
>> Sorry, that's way too vague to accept this patch.
>>
>> So I'm guessing a binary module is behind this vagueness. If you want
>> some other method than signing to vet modules, please do it in
>> userspace. You can do arbitrary things that way...
>
> Binary modules will still be tainted by the license checker. The issue
> is that if you want to enforce module signatures under *some*
> circumstances, you need to build with CONFIG_MODULE_SIG
Not at all! You can validate them in userspace.
> but that
> changes the behaviour of the kernel even when you're not enforcing
> module signatures. The same kernel may be used in environments where
> you can verify the kernel and environments where you can't, and in the
> latter you may not care that modules are unsigned. In that scenario,
> tainting doesn't buy you anything.
With your patch, you don't get tainting in the environment where you can
verify.
You'd be better adding a sysctl or equiv. to turn off force loading, and
use that in your can-verify system.
Cheers,
Rusty.
next prev parent reply other threads:[~2017-08-07 2:51 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-08-04 18:07 [PATCH] Allow automatic kernel taint on unsigned module load to be disabled Matthew Garrett
2017-08-06 6:54 ` Rusty Russell
2017-08-06 17:34 ` Matthew Garrett
2017-08-07 2:49 ` Rusty Russell [this message]
2017-08-07 3:23 ` Matthew Garrett
2017-08-07 4:47 ` Rusty Russell
2017-08-07 5:31 ` Matthew Garrett
2017-08-10 20:43 ` Jessica Yu
2017-08-14 16:50 ` Matthew Garrett
2017-08-29 17:56 ` Jessica Yu
2017-08-29 20:22 ` Matthew Garrett
2017-08-29 22:02 ` Ben Hutchings
2017-10-18 18:27 ` Matthew Garrett
2018-01-30 19:00 ` Matthew Garrett
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8760e0xfbb.fsf@rustcorp.com.au \
--to=rusty@rustcorp.com.au \
--cc=jeyu@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mjg59@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.