[PATCH 5/6] MODSIGN: Export module signature definitions.

[PATCH 0/6] Appended signatures support for IMA appraisal · Thiago Jung Bauermann <hidden> · 2017-04-18
[PATCH 2/6] ima: Tidy up constant strings · Thiago Jung Bauermann <hidden> · 2017-04-18
[PATCH 3/6] ima: Simplify policy_func_show. · Thiago Jung Bauermann <hidden> · 2017-04-18
Re: [PATCH 3/6] ima: Simplify policy_func_show. · Mimi Zohar <hidden> · 2017-04-20
Re: [PATCH 3/6] ima: Simplify policy_func_show. · Thiago Jung Bauermann <hidden> · 2017-04-20
Re: [PATCH 3/6] ima: Simplify policy_func_show. · Mimi Zohar <hidden> · 2017-04-21
Re: [PATCH 3/6] ima: Simplify policy_func_show. · Thiago Jung Bauermann <hidden> · 2017-04-24
[PATCH 1/6] integrity: Small code improvements · Thiago Jung Bauermann <hidden> · 2017-04-18
[PATCH 6/6] ima: Support appended signatures for appraisal · Thiago Jung Bauermann <hidden> · 2017-04-18
Re: [PATCH 6/6] ima: Support appended signatures for appraisal · kbuild test robot <hidden> · 2017-04-20
Re: [PATCH 6/6] ima: Support appended signatures for appraisal · Thiago Jung Bauermann <hidden> · 2017-04-20
Re: [PATCH 6/6] ima: Support appended signatures for appraisal · Mehmet Kayaalp <hidden> · 2017-04-26
Re: [PATCH 6/6] ima: Support appended signatures for appraisal · Thiago Jung Bauermann <hidden> · 2017-04-27
Re: [PATCH 6/6] ima: Support appended signatures for appraisal · Mehmet Kayaalp <hidden> · 2017-04-27
Re: [PATCH 6/6] ima: Support appended signatures for appraisal · Mimi Zohar <hidden> · 2017-04-26
Re: [PATCH 6/6] ima: Support appended signatures for appraisal · Thiago Jung Bauermann <hidden> · 2017-04-26
[PATCH 5/6] MODSIGN: Export module signature definitions. · Thiago Jung Bauermann <hidden> · 2017-04-18
Re: [PATCH 5/6] MODSIGN: Export module signature definitions. · Mimi Zohar <hidden> · 2017-04-20
Re: [PATCH 5/6] MODSIGN: Export module signature definitions. · David Howells <dhowells@redhat.com> · 2017-04-20
Re: [PATCH 5/6] MODSIGN: Export module signature definitions. · Thiago Jung Bauermann <hidden> · 2017-04-20
[PATCH 4/6] ima: Log the same audit cause whenever a file has no signature · Thiago Jung Bauermann <hidden> · 2017-04-18

From: dhowells@redhat.com (David Howells)
Date: 2017-04-20 14:37:43
Also in: linux-crypto, lkml

Mimi Zohar [off-list ref] wrote:

On Tue, 2017-04-18 at 17:17 -0300, Thiago Jung Bauermann wrote:

quoted

IMA will use the module_signature format for append signatures, so export
the relevant definitions and factor out the code which verifies that the
appended signature trailer is valid.

Also, create a CONFIG_MODULE_SIG_FORMAT option so that IMA can select it
and be able to use validate_module_signature without having to depend on
CONFIG_MODULE_SIG.

Basically we want to generalize the concept of an appended signature.
?Referring to it as a "module signature format" seems a bit confusing.

David, would you have a problem with changing the appended string from
"~Module signature appended~\n" to something more generic?

Conceptually, no.  Is it possible that doing so could break someone's module
that they load on multiple versions of the kernel?  Say a module that only
exports things and doesn't use anything from the core or any other module.

Also, it needs to reasonably long and distinct enough to prevent a false
positive match.

David
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help