Received: by 10.213.65.68 with SMTP id h4csp116246imn; Tue, 27 Mar 2018 18:03:43 -0700 (PDT) X-Google-Smtp-Source: AIpwx49Jc5/ag7AAKPDkKIg296toakyA1zj7Y6Vu1yw02tgouqutj7/acMDRTch2reEG6EYT+KSS X-Received: by 10.99.3.144 with SMTP id 138mr1027703pgd.364.1522199023554; Tue, 27 Mar 2018 18:03:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522199023; cv=none; d=google.com; s=arc-20160816; b=pl+FVm5JDCYSlpV+b9/Vob3SqhaiQyDimXoTTO/cxw8nli+WANZcU93//To4IRXhi8 5ynZALuE4/MmroIVPpoX3QwbuQJnOlI/RUNKo2EJUgXrMUSzSB+zMv/10x31LNR7Ofyt WpmyLwF+Dt1LfRw6l/7ZEzGtVDWhI3cDXGAelMW8w6JtaUv2n5kguHn3cDxsqXinUuOX k4i24j5JZiJeKbDCG7DU1/J/Uq68iPia4xvsb1lyUqMfAA4Lgvn7waUNwiz8T6HlW66n Suz80dpbgRWzjg8v75a+HbWXB9z3txmLHJt7CbX/1sHHudX11rMkP0YqiKd4wGvcu/F0 MVAw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:arc-authentication-results; bh=PtU1eUE4AeYvDnlSDmRG0V5xwTvfXB3shmSH/erDlmw=; b=U1BK48vSQHVdRWyHXaL/KlGet2wYGbOZReZv6QnD/wSTkutbSpG4hJNgtDAaxTfT96 eYS8Oy3CNDmTc56haxs868WCKVyLKD6jU91GXg0jkRuc7Q1tlIi/3rBxs2dvczVULLJ0 M9F7xlXEXkk1ZDn4U0iyfR1Dzq1xXH6jkJWUYD5xBR3VnT7XMrCBwGXjbqay8Zbss3S/ 3fdntuosMsMc27nwj7P2AvUjQWodvfAWLJ/R++LDbg6bFnwF01SNA/Mi5tpRYmJU31HG eEFzLg7QVEBR/SiNqF801rTZU8iQoIrSMCnjpJWTRwAvSvJBL1m11mFcY6UWjbgn8dje 4nJQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n1-v6si2423456pld.87.2018.03.27.18.03.28; Tue, 27 Mar 2018 18:03:43 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752740AbeC1BCe (ORCPT + 99 others); Tue, 27 Mar 2018 21:02:34 -0400 Received: from out30-131.freemail.mail.aliyun.com ([115.124.30.131]:51529 "EHLO out30-131.freemail.mail.aliyun.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752689AbeC1BCd (ORCPT ); Tue, 27 Mar 2018 21:02:33 -0400 X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R111e4;CH=green;FP=0|-1|-1|-1|0|-1|-1|-1;HT=e01e04421;MF=zhang.jia@linux.alibaba.com;NM=1;PH=DS;RN=3;SR=0;TI=SMTPD_---0T-Cm1IG_1522198949; Received: from ali-6c96cfd98fb5.local(mailfrom:zhang.jia@linux.alibaba.com fp:42.120.74.96) by smtp.aliyun-inc.com(127.0.0.1); Wed, 28 Mar 2018 09:02:29 +0800 Subject: Re: [PATCH v3 0/3][RESEND] modsign enhancement To: Jessica Yu Cc: Rusty Russell , linux-kernel@vger.kernel.org References: <1521860389-19262-1-git-send-email-zhang.jia@linux.alibaba.com> <20180327221137.d7fhboicw2wi3a52@redbean> From: Jia Zhang Message-ID: <9a950016-0ea6-adec-5d9b-a1f1760d51a0@linux.alibaba.com> Date: Wed, 28 Mar 2018 09:02:29 +0800 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: <20180327221137.d7fhboicw2wi3a52@redbean> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2018/3/28 上午6:11, Jessica Yu wrote: > +++ Jia Zhang [24/03/18 10:59 +0800]: >> This patch series allows to disable module validity enforcement >> in runtime through the control switch located in securityfs. >> >> In order to keep /sys/module/module/parameters/sig_enforce simple, >> the disablement switch is located at >> /sys/kernel/security/modsign/disable_enforce. >> >> Assuming CONFIG_MODULE_SIG_FORCE=n, here are the instructions to >> test this control switch. >> >> # cat /sys/module/module/parameters/sig_enforce >> N >> # echo 1 > /sys/module/module/parameters/sig_enforce >> # cat /sys/module/module/parameters/sig_enforce >> Y >> # echo -n 0 > no_sig_enforce >> # openssl smime -sign -nocerts -noattr -binary -in no_sig_enforce \ >>    -inkey -signer -outform der \ >>    -out /sys/kernel/security/modsign/disable_enforce >> # cat /sys/module/module/parameters/sig_enforce >> N > > I'm not convinced we need this. And neither the use case nor the > motivation is explained in the cover letter :-( > > The way I see it - the only time you'd actually use this is in the > situation where you have *already* enabled sig_enforce, and then later > you change your mind - meaning you wanted to load unsigned modules > after all. And if you ever plan on loading unsigned modules, why would > you have enabled sig_enforce in the first place? If you want to keep Similar SELinux, this is just providing a runtime switch to disable modsign temporarily in a safer way. At least it is cannot be simply disabled. Thanks, Jia > the option of loading unsigned modules, don't have sig_enforce or > CONFIG_MODULE_SIG_FORCE enabled. > > [ CC'd Rusty in case he has some thoughts on this ] > > Jessica