
A story of three kernel vulnerabilities

Posted Feb 20, 2013 20:44 UTC (Wed) by corsac (subscriber, #49696)
In reply to: A story of three kernel vulnerabilities by Trou.fr
Parent article: A story of three kernel vulnerabilities

And about support for signed modules: I'm sure everyone loves having an X509/ASN1 parser running in ring0.



A story of three kernel vulnerabilities

Posted Feb 20, 2013 21:23 UTC (Wed) by raven667 (subscriber, #5198) [Link]

There is far, far, far more than that when it comes to complex interfaces. Aside from the arbitrariness of ioctl, there is bpf and GPU command validation, as well as iptables and who knows what else that is passing complex data structures into the kernel.

A story of three kernel vulnerabilities

Posted Feb 21, 2013 3:16 UTC (Thu) by draco (subscriber, #1792) [Link] (1 responses)

There's nothing about signing stuff that requires ASN.1 or X.509. Also, it's entirely possible that userspace uses ASN.1/X.509 to get at the keys to sign with, but something else to carry the signature itself.

If the kernel must parse ASN.1/X.509 to parse the signature for authentication...yikes, but that's not a requirement. (And even if they are, I hope it's a really limited implementation.)

A story of three kernel vulnerabilities

Posted Feb 21, 2013 6:16 UTC (Thu) by corsac (subscriber, #49696) [Link]

A story of three kernel vulnerabilities

Posted Feb 21, 2013 19:13 UTC (Thu) by zlynx (guest, #2285) [Link]

I'd rather have an ASN1 parser in there than yet another custom format. At least ASN1 is well defined and doesn't shift its meaning on different machine architectures.

