From: Rusty Russell <rusty@rustcorp.com.au>
To: Matthew Garrett <mjg59@google.com>
Cc: linux-kernel@vger.kernel.org, jeyu@kernel.org
Subject: Re: [PATCH] Allow automatic kernel taint on unsigned module load to be disabled
Date: Mon, 07 Aug 2017 12:19:28 +0930 [thread overview]
Message-ID: <8760e0xfbb.fsf@rustcorp.com.au> (raw)
In-Reply-To: <CACdnJutPrDvYtssnc=yVvWa_4oTRvigUhK+5J8s941oAoJDT6Q@mail.gmail.com>
Matthew Garrett <mjg59@google.com> writes:
> On Sat, Aug 5, 2017 at 11:54 PM, Rusty Russell <rusty@rustcorp.com.au> wrote:
>> Matthew Garrett <mjg59@google.com> writes:
>>> Distributions may wish to provide kernels that permit loading of
>>> unsigned modules based on certain policy decisions.
>>
>> Sorry, that's way too vague to accept this patch.
>>
>> So I'm guessing a binary module is behind this vagueness. If you want
>> some other method than signing to vet modules, please do it in
>> userspace. You can do arbitrary things that way...
>
> Binary modules will still be tainted by the license checker. The issue
> is that if you want to enforce module signatures under *some*
> circumstances, you need to build with CONFIG_MODULE_SIG
Not at all! You can validate them in userspace.
> but that
> changes the behaviour of the kernel even when you're not enforcing
> module signatures. The same kernel may be used in environments where
> you can verify the kernel and environments where you can't, and in the
> latter you may not care that modules are unsigned. In that scenario,
> tainting doesn't buy you anything.
With your patch, you don't get tainting in the environment where you can
verify.
You'd be better adding a sysctl or equiv. to turn off force loading, and
use that in your can-verify system.
Cheers,
Rusty.
next prev parent reply other threads:[~2017-08-07 2:51 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-08-04 18:07 [PATCH] Allow automatic kernel taint on unsigned module load to be disabled Matthew Garrett
2017-08-06 6:54 ` Rusty Russell
2017-08-06 17:34 ` Matthew Garrett
2017-08-07 2:49 ` Rusty Russell [this message]
2017-08-07 3:23 ` Matthew Garrett
2017-08-07 4:47 ` Rusty Russell
2017-08-07 5:31 ` Matthew Garrett
2017-08-10 20:43 ` Jessica Yu
2017-08-14 16:50 ` Matthew Garrett
2017-08-29 17:56 ` Jessica Yu
2017-08-29 20:22 ` Matthew Garrett
2017-08-29 22:02 ` Ben Hutchings
2017-10-18 18:27 ` Matthew Garrett
2018-01-30 19:00 ` Matthew Garrett
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8760e0xfbb.fsf@rustcorp.com.au \
--to=rusty@rustcorp.com.au \
--cc=jeyu@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mjg59@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox