linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Steven Rostedt <rostedt@goodmis.org>
To: Dan Aloni <dan@kernelim.com>
Cc: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>,
	linux-kernel@vger.kernel.org,
	kernel-hardening@lists.openwall.com,
	Petr Mladek <pmladek@suse.com>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Peter Zijlstra <peterz@infradead.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	Kees Cook <keescook@chromium.org>
Subject: Re: [PATCHv2 5/7] printk: allow kmsg to be encrypted using public key encryption
Date: Mon, 15 Jan 2018 07:52:31 -0500	[thread overview]
Message-ID: <20180115075231.0d435fec@gandalf.local.home> (raw)
In-Reply-To: <20180114080108.GA69022@gmail.com>

On Sun, 14 Jan 2018 10:01:08 +0200
Dan Aloni <dan@kernelim.com> wrote:

> On Sun, Jan 14, 2018 at 10:48:01AM +0900, Sergey Senozhatsky wrote:
> > Ccing Kees, Peter, Andrew, Steven
> > 
> > On (01/13/18 23:34), Dan Aloni wrote:  
> > > This commit enables the kernel to encrypt the free-form text that
> > > is generated by printk() before it is brought up to `dmesg` in
> > > userspace.
> > > 
> > > The encryption is made using one of the trusted public keys which
> > > are kept built-in inside the kernel. These keys are presently
> > > also used for verifying kernel modules and userspace-supplied
> > > firmwares.  
> > 
> > OK, this is the first time I'm receiving it, yet it's v2 already.
> > I'm Cc-ed on only this particular patch, not the entire patch set;
> > so it's hard to tell what else is being touched and why, so I'm
> > going to start with the basic questions.  
> 
> Sorry, here the link to cover letter:
> 
>     https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1585442.html
> 
> I guess --cc-cover && --to-cover should be default.
> 
> > are you fixing the real problem? that's because you see unhashed
> > kernel pointers in dmesg or is there anything else?  
> 
> In brief, the problem is that any information leak has the potential
> to make exploitation easier. The changes include documentation for
> the feature, where more details are provided.
> 

I'm very skeptical that such an approach has much benefit. From the
email referenced above:

> I am not sure that desktop and power users would like to have their
> kernel message encrypted, but there are scenarios such as in mobile
> devices, where only the developers, makers of devices, may actually
> benefit from access to kernel prints messages, and the users may be
> more protected from exploits.

Do you have any backing from makers of such devices? I'd like to hear
from Google's Android team or whoever that would turn this feature on.

I would be hard pressed to add such a feature if it's never used.

-- Steve

  reply	other threads:[~2018-01-15 12:55 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-01-13 21:34 [PATCHv2 0/7] RFC: Public key encryption of dmesg by the kernel Dan Aloni
2018-01-13 21:34 ` [PATCHv2 1/7] crypto: fix memory leak in rsa-kcs1pad encryption Dan Aloni
2018-01-13 21:34 ` [PATCHv2 2/7] Move net/ceph/armor to lib/ and add docs Dan Aloni
2018-01-13 21:34 ` [PATCHv2 3/7] base64-armor: add bounds checking Dan Aloni
2018-01-13 21:34 ` [PATCHv2 4/7] certs: allow in-kernel access of trusted keys Dan Aloni
2018-01-13 21:34 ` [PATCHv2 5/7] printk: allow kmsg to be encrypted using public key encryption Dan Aloni
2018-01-14  1:48   ` Sergey Senozhatsky
2018-01-14  8:01     ` Dan Aloni
2018-01-15 12:52       ` Steven Rostedt [this message]
2018-01-16  2:09         ` Sergey Senozhatsky
2018-01-16 23:44         ` [kernel-hardening] " Daniel Micay
2018-01-17 15:01           ` Steven Rostedt
2018-01-13 21:34 ` [PATCHv2 6/7] tools: add dmesg decryption program Dan Aloni
2018-01-13 21:34 ` [PATCHv2 7/7] docs: add dmesg encryption doc Dan Aloni
2018-01-15  9:11 ` [PATCHv2 4/7] certs: allow in-kernel access of trusted keys David Howells

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180115075231.0d435fec@gandalf.local.home \
    --to=rostedt@goodmis.org \
    --cc=akpm@linux-foundation.org \
    --cc=dan@kernelim.com \
    --cc=keescook@chromium.org \
    --cc=kernel-hardening@lists.openwall.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=peterz@infradead.org \
    --cc=pmladek@suse.com \
    --cc=sergey.senozhatsky@gmail.com \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).