From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753973AbbESQaL (ORCPT ); Tue, 19 May 2015 12:30:11 -0400 Received: from lan.nucleusys.com ([92.247.61.126]:41617 "EHLO zztop.nucleusys.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751026AbbESQaF (ORCPT ); Tue, 19 May 2015 12:30:05 -0400 Date: Tue, 19 May 2015 18:50:10 +0300 From: Petko Manolov To: David Woodhouse Cc: dhowells@redhat.com, rusty@rustcorp.com.au, mmarek@suse.cz, mjg59@srcf.ucam.org, keyrings@linux-nfs.org, dmitry.kasatkin@gmail.com, mcgrof@suse.com, linux-kernel@vger.kernel.org, seth.forshee@canonical.com, linux-security-module@vger.kernel.org Subject: Re: [PATCH 10/8] modsign: Allow password to be specified for signing key Message-ID: <20150519155010.GA7549@localhost> Mail-Followup-To: David Woodhouse , dhowells@redhat.com, rusty@rustcorp.com.au, mmarek@suse.cz, mjg59@srcf.ucam.org, keyrings@linux-nfs.org, dmitry.kasatkin@gmail.com, mcgrof@suse.com, linux-kernel@vger.kernel.org, seth.forshee@canonical.com, linux-security-module@vger.kernel.org References: <20150515123513.16723.96340.stgit@warthog.procyon.org.uk> <1432046758.3277.36.camel@infradead.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1432046758.3277.36.camel@infradead.org> User-Agent: Mutt/1.5.23 (2014-03-12) X-Spam-Score: -1.0 (-) X-Spam-Report: Spam detection software, running on the system "zztop.nucleusys.com", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: On 15-05-19 15:45:58, David Woodhouse wrote: > We don't want this in the Kconfig since it might then get exposed in > /proc/config.gz. So make it a parameter to Kbuild instead. This also > means we don't have to jump through hoops to strip quotes from it, as > we would if it was a config option. [...] Content analysis details: (-1.0 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 15-05-19 15:45:58, David Woodhouse wrote: > We don't want this in the Kconfig since it might then get exposed in > /proc/config.gz. So make it a parameter to Kbuild instead. This also > means we don't have to jump through hoops to strip quotes from it, as > we would if it was a config option. If it were on a network-less, secure sign/build server i'd say it is OK. However, exposing your private key's password in an environment variable on a regular Linux box is a bit fishy. cheers, Petko