From: Alexander Holler <holler@ahsoftware.de>
To: Alexander Holler <holler@ahsoftware.de>
Cc: linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org,
Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>,
Rusty Russell <rusty@rustcorp.com.au>,
David Howells <dhowells@redhat.com>,
Josh Boyer <jwboyer@redhat.com>,
David Woodhouse <dwmw2@infradead.org>
Subject: Re: [PATCH RESEND/V2] crypto: Ignore validity dates of X.509 certificates at loading/parsing time
Date: Thu, 06 Jun 2013 13:17:23 +0200 [thread overview]
Message-ID: <51B06FC3.8090405@ahsoftware.de> (raw)
In-Reply-To: <1367503746-6431-1-git-send-email-holler@ahsoftware.de>
Am 02.05.2013 16:09, schrieb Alexander Holler:
> I don't see any real use case where checking the validity dates of X.509
> certificates at parsing time adds any security gain. In contrast, doing so
> makes MODSIGN unusable on systems without a RTC (or systems with a possible
> wrong date in a existing RTC, or systems where the RTC is read after the keys
> got loaded).
>
> If something really cares about the dates, it should check them at the time
> when the certificates are used, not when they are loaded and parsed.
>
> So just remove the validity check of the dates in the parser.
>
> Signed-off-by: Alexander Holler <holler@ahsoftware.de>
> Cc: stable@vger.kernel.org
As it just happened to me again and I've recently posted some patches
which do make it possible to experience the problem on x86 systems too,
here is a reminder.
To replay the problem (on x86 or any other arch), apply the 3 patches in
this series:
https://lkml.org/lkml/2013/6/5/430
build a kernel with CONFIG_MODULE_SIG_FORCE=y and start that kernel with
hctosys=none as kernel command line parameter.
This will disable the "persistent" clock (and any RTC), thus the kernel
will refuse to load modules because it doesn't has a valid time when
loading the certificate.
Regards,
Alexander Holler
WARNING: multiple messages have this Message-ID (diff)
From: Alexander Holler <holler@ahsoftware.de>
To: Alexander Holler <holler@ahsoftware.de>
Cc: linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org,
Herbert Xu <herbert@gondor.hengli.com.au>,
"David S. Miller" <davem@davemloft.net>,
Rusty Russell <rusty@rustcorp.com.au>,
David Howells <dhowells@redhat.com>,
Josh Boyer <jwboyer@redhat.com>,
David Woodhouse <dwmw2@infradead.org>
Subject: Re: [PATCH RESEND/V2] crypto: Ignore validity dates of X.509 certificates at loading/parsing time
Date: Thu, 06 Jun 2013 13:17:23 +0200 [thread overview]
Message-ID: <51B06FC3.8090405@ahsoftware.de> (raw)
In-Reply-To: <1367503746-6431-1-git-send-email-holler@ahsoftware.de>
Am 02.05.2013 16:09, schrieb Alexander Holler:
> I don't see any real use case where checking the validity dates of X.509
> certificates at parsing time adds any security gain. In contrast, doing so
> makes MODSIGN unusable on systems without a RTC (or systems with a possible
> wrong date in a existing RTC, or systems where the RTC is read after the keys
> got loaded).
>
> If something really cares about the dates, it should check them at the time
> when the certificates are used, not when they are loaded and parsed.
>
> So just remove the validity check of the dates in the parser.
>
> Signed-off-by: Alexander Holler <holler@ahsoftware.de>
> Cc: stable@vger.kernel.org
As it just happened to me again and I've recently posted some patches
which do make it possible to experience the problem on x86 systems too,
here is a reminder.
To replay the problem (on x86 or any other arch), apply the 3 patches in
this series:
https://lkml.org/lkml/2013/6/5/430
build a kernel with CONFIG_MODULE_SIG_FORCE=y and start that kernel with
hctosys=none as kernel command line parameter.
This will disable the "persistent" clock (and any RTC), thus the kernel
will refuse to load modules because it doesn't has a valid time when
loading the certificate.
Regards,
Alexander Holler
next prev parent reply other threads:[~2013-06-06 11:18 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-03-27 18:41 [PATCH] crypto: Ignore validity dates of X.509 certificates at loading/parsing time Alexander Holler
2013-03-27 18:41 ` Alexander Holler
2013-05-02 14:09 ` [PATCH RESEND/V2] " Alexander Holler
2013-05-02 14:09 ` Alexander Holler
2013-06-06 11:17 ` Alexander Holler [this message]
2013-06-06 11:17 ` Alexander Holler
2013-06-07 2:13 ` Rusty Russell
2013-06-07 2:13 ` Rusty Russell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=51B06FC3.8090405@ahsoftware.de \
--to=holler@ahsoftware.de \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=dwmw2@infradead.org \
--cc=herbert@gondor.apana.org.au \
--cc=jwboyer@redhat.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=rusty@rustcorp.com.au \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.