[PATCH] crypto: make public_key_subtype data structure read only

During an attempt to disable the kernel module signing
verification in some Android kernel, I came across the
public_key_subtype in asymmetric_keys/public_key.c,
which has the following declaration:
struct asymmetric_key_subtype public_key_subtype = {
...
        .describe               = public_key_describe,
        .destroy                = public_key_destroy,
        .verify_signature       = public_key_verify_signature_2,
};

As long as I have root access and /dev/mem access available,
it seems to be quite easy to have kernel module signing
verification worked around by simply assigning the address
of public_key_describe() to the .verify_signature data member.

This could be avoided by adding const to the data structure to
make all the data members read only.

Signed-off-by: zibo zhao <chinabull@xxxxxxxxx>
---
 crypto/asymmetric_keys/public_key.c | 2 +-
 crypto/asymmetric_keys/public_key.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
index 2f6e4fb..bf921b8 100644
--- a/crypto/asymmetric_keys/public_key.c
+++ b/crypto/asymmetric_keys/public_key.c
@@ -118,7 +118,7 @@ static int public_key_verify_signature_2(const struct key *key,
 /*
  * Public key algorithm asymmetric key subtype
  */
-struct asymmetric_key_subtype public_key_subtype = {
+const struct asymmetric_key_subtype public_key_subtype = {
 	.owner			= THIS_MODULE,
 	.name			= "public_key",
 	.name_len		= sizeof("public_key") - 1,
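
Review bot: the const added to the public_key_subtype definition only decides which section the object is placed in; nothing in this hunk shows what enforces that mapping as read-only at run time. The commit message describes the write as coming through /dev/mem with root access, so it should say which kernel configuration the protection relies on and whether the change was tested against that write path on the Android kernel in question. Without that, the patch is still reasonable as a const-correctness cleanup, but the changelog should not present it as closing the described bypass.
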
diff --git a/crypto/asymmetric_keys/public_key.h b/crypto/asymmetric_keys/public_key.h
index 5c37a22..751f5c3 100644
--- a/crypto/asymmetric_keys/public_key.h
+++ b/crypto/asymmetric_keys/public_key.h
@@ -13,7 +13,7 @@
 
 #include <crypto/public_key.h>
 
-extern struct asymmetric_key_subtype public_key_subtype;
+extern const struct asymmetric_key_subtype public_key_subtype;
 
 /*
  * Public key algorithm definition.
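
Review bot: making the extern declaration of public_key_subtype const changes the type seen by every file that includes this header, yet the diffstat lists only public_key.c and public_key.h. Any user that stores the address of public_key_subtype in a non-const struct asymmetric_key_subtype pointer would now discard the qualifier, so please confirm the tree builds without new warnings and either constify those pointers in the same patch or note in the changelog that no such users exist.
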
-- 
1.9.1
