From: <gregkh@linuxfoundation.org>
To: ben@decadent.org.uk, gregkh@linuxfoundation.org, rusty@rustcorp.com.au
Cc: <stable@vger.kernel.org>, <stable-commits@vger.kernel.org>
Subject: Patch "Documentation/module-signing.txt: Note need for version info if reusing a key" has been added to the 3.14-stable tree
Date: Thu, 18 Aug 2016 15:23:38 +0200 [thread overview]
Message-ID: <1471526618198217@kroah.com> (raw)
This is a note to let you know that I've just added the patch titled
Documentation/module-signing.txt: Note need for version info if reusing a key
to the 3.14-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
documentation-module-signing.txt-note-need-for-version-info-if-reusing-a-key.patch
and it can be found in the queue-3.14 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.
>From b8612e517c3c9809e1200b72c474dbfd969e5a83 Mon Sep 17 00:00:00 2001
From: Ben Hutchings <ben@decadent.org.uk>
Date: Thu, 28 Apr 2016 09:24:05 +0930
Subject: Documentation/module-signing.txt: Note need for version info if reusing a key
From: Ben Hutchings <ben@decadent.org.uk>
commit b8612e517c3c9809e1200b72c474dbfd969e5a83 upstream.
Signing a module should only make it trusted by the specific kernel it
was built for, not anything else. If a module signing key is used for
multiple ABI-incompatible kernels, the modules need to include enough
version information to distinguish them.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Documentation/module-signing.txt | 6 ++++++
1 file changed, 6 insertions(+)
--- a/Documentation/module-signing.txt
+++ b/Documentation/module-signing.txt
@@ -238,3 +238,9 @@ Since the private key is used to sign mo
the private key to sign modules and compromise the operating system. The
private key must be either destroyed or moved to a secure location and not kept
in the root node of the kernel source tree.
+
+If you use the same private key to sign modules for multiple kernel
+configurations, you must ensure that the module version information is
+sufficient to prevent loading a module into a different kernel. Either
+set CONFIG_MODVERSIONS=y or ensure that each configuration has a different
+kernel release string by changing EXTRAVERSION or CONFIG_LOCALVERSION.
Patches currently in stable-queue which might be from ben@decadent.org.uk are
queue-3.14/module-invalidate-signatures-on-force-loaded-modules.patch
queue-3.14/documentation-module-signing.txt-note-need-for-version-info-if-reusing-a-key.patch
reply other threads:[~2016-08-18 13:24 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1471526618198217@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=ben@decadent.org.uk \
--cc=rusty@rustcorp.com.au \
--cc=stable-commits@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox