Received: by 10.213.65.68 with SMTP id h4csp12778imn; Tue, 27 Mar 2018 15:13:19 -0700 (PDT) X-Google-Smtp-Source: AIpwx49M68AsvgVJFsFvn3q9YR1GpMQ33eGzeXXpNWaRlH6VZFmPpL56OMm5RMhOlnP+5hJsQRJV X-Received: by 2002:a17:902:7d81:: with SMTP id a1-v6mr1040175plm.193.1522188798977; Tue, 27 Mar 2018 15:13:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522188798; cv=none; d=google.com; s=arc-20160816; b=ewdr2Qvcar9IFVe/rMQx5TmbSB3b7Yk/Y+MtlHvhjPflXeTKg18WTQWYk3z4NqLEpG HVi06nK0eExDsVyYnpYI1VXPLuVIUbB73+hVXzGi66q7tL08KthgVg5sIA6Nell0BESl PO8+pBXpnnHF4g7yUlIQ0grc2Mp2Qoq781BeiXUrSEl1/yNpgIhAJMgVNPH8bohM31bT kaAH+CiVMX7vc5RJQZ1ZkG3CQLSijM/BTupz8euSBP50YMmIlTYmWc60f4XsOcRLImCQ i1ZH6v92vm5Pqa1r58bSOBoUOM5wkeWbQWhgScWGqLyk09kDYzfl+JJTbZ7V5f8PyJze lCMQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dmarc-filter:arc-authentication-results; bh=VGULukKzLB+9uZENqJak5bzccg0HFAkB0JidIcWjB2E=; b=BZSzO/Cj11ywelh4ukRs25n+jdAStbN3tyuSrFk4i34cKtSV9hWg6oxIlWKCd2+WZ5 Si3dASMzb3+0iitvAik8SU57EFxXriI3VhRaih+a5EY+gAxl+lOlQucr5ryQxPrP38xO Q+hUoRufy9EpZj8njxNoX5AGixKqKiWVF1vXo6bp21n3R90rjNJ26oQ23FKUtA+ku9Yx TIN7earx+89ubdoJVmUQfpKFV5Qhl7s9guqrK9eqGgb4quS1t0VdPfpKi9Zb/sdP1XWW N8l5JlN9IjPQfNuDWNV1ZvtchlQb+pQJRrz9AHm0k4WoCK448EVKSjyy3t+Md8R2QqAV lU2A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l7-v6si2253333plt.89.2018.03.27.15.13.04; Tue, 27 Mar 2018 15:13:18 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752175AbeC0WLo (ORCPT + 99 others); Tue, 27 Mar 2018 18:11:44 -0400 Received: from mail.kernel.org ([198.145.29.99]:52352 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751020AbeC0WLn (ORCPT ); Tue, 27 Mar 2018 18:11:43 -0400 Received: from redbean (ip5f5ade7c.dynamic.kabel-deutschland.de [95.90.222.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 035B72172B; Tue, 27 Mar 2018 22:11:41 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 035B72172B Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=jeyu@kernel.org Date: Wed, 28 Mar 2018 00:11:37 +0200 From: Jessica Yu To: Jia Zhang Cc: Rusty Russell , linux-kernel@vger.kernel.org Subject: Re: [PATCH v3 0/3][RESEND] modsign enhancement Message-ID: <20180327221137.d7fhboicw2wi3a52@redbean> References: <1521860389-19262-1-git-send-email-zhang.jia@linux.alibaba.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Disposition: inline In-Reply-To: <1521860389-19262-1-git-send-email-zhang.jia@linux.alibaba.com> X-OS: Linux redbean 4.15.10-200.fc26.x86_64 x86_64 User-Agent: NeoMutt/20180323 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org +++ Jia Zhang [24/03/18 10:59 +0800]: >This patch series allows to disable module validity enforcement >in runtime through the control switch located in securityfs. > >In order to keep /sys/module/module/parameters/sig_enforce simple, >the disablement switch is located at >/sys/kernel/security/modsign/disable_enforce. > >Assuming CONFIG_MODULE_SIG_FORCE=n, here are the instructions to >test this control switch. > ># cat /sys/module/module/parameters/sig_enforce >N ># echo 1 > /sys/module/module/parameters/sig_enforce ># cat /sys/module/module/parameters/sig_enforce >Y ># echo -n 0 > no_sig_enforce ># openssl smime -sign -nocerts -noattr -binary -in no_sig_enforce \ > -inkey -signer -outform der \ > -out /sys/kernel/security/modsign/disable_enforce ># cat /sys/module/module/parameters/sig_enforce >N I'm not convinced we need this. And neither the use case nor the motivation is explained in the cover letter :-( The way I see it - the only time you'd actually use this is in the situation where you have *already* enabled sig_enforce, and then later you change your mind - meaning you wanted to load unsigned modules after all. And if you ever plan on loading unsigned modules, why would you have enabled sig_enforce in the first place? If you want to keep the option of loading unsigned modules, don't have sig_enforce or CONFIG_MODULE_SIG_FORCE enabled. [ CC'd Rusty in case he has some thoughts on this ] Jessica