Public bug reported:
[Impact]
ppc64el vmlinuz is world-readable, possibly impacting security on that platform.
[Test case]
Verify vmlinuz is not world-readable after the fix.
[Regression potential]
File permissions may be wrong, possibly allowing attack.
--------------------------------------------------------------------------
======================================================================
FAIL: test_096_boot_symbols_unreadable (__main__.KernelSecurityTest)
kernel addresses in /boot are not world readable
----------------------------------------------------------------------
Traceback (most recent call last):
File "./test-kernel-security.py", line 1438, in
test_096_boot_symbols_unreadable
self.assertEqual(os.stat(name).st_mode & mask, expected, '%s is world
readable' % (name))
AssertionError: /boot/vmlinux-4.15.0-62-generic is world readable
----------------------------------------------------------------------
Ran 125 tests in 31.183s
FAILED (failures=1)
This currently affects ppc64el.
** Affects: linux-signed (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-signed (Ubuntu Bionic)
Importance: Medium
Assignee: Thadeu Lima de Souza Cascardo (cascardo)
Status: In Progress
** Affects: linux-signed (Ubuntu Disco)
Importance: Medium
Assignee: Thadeu Lima de Souza Cascardo (cascardo)
Status: In Progress
** Also affects: linux-signed (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: linux-signed (Ubuntu Disco)
Importance: Undecided
Status: New
** Changed in: linux-signed (Ubuntu Disco)
Importance: Undecided => Medium
** Changed in: linux-signed (Ubuntu Bionic)
Importance: Undecided => Medium
** Changed in: linux-signed (Ubuntu Disco)
Status: New => In Progress
** Changed in: linux-signed (Ubuntu Bionic)
Status: New => In Progress
** Changed in: linux-signed (Ubuntu Disco)
Assignee: (unassigned) => Thadeu Lima de Souza Cascardo (cascardo)
** Changed in: linux-signed (Ubuntu Bionic)
Assignee: (unassigned) => Thadeu Lima de Souza Cascardo (cascardo)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-signed in Ubuntu.
https://bugs.launchpad.net/bugs/1843327
Title:
vmlinuz is world-readable
Status in linux-signed package in Ubuntu:
New
Status in linux-signed source package in Bionic:
In Progress
Status in linux-signed source package in Disco:
In Progress
Bug description:
[Impact]
ppc64el vmlinuz is world-readable, possibly impacting security on that
platform.
[Test case]
Verify vmlinuz is not world-readable after the fix.
[Regression potential]
File permissions may be wrong, possibly allowing attack.
--------------------------------------------------------------------------
======================================================================
FAIL: test_096_boot_symbols_unreadable (__main__.KernelSecurityTest)
kernel addresses in /boot are not world readable
----------------------------------------------------------------------
Traceback (most recent call last):
File "./test-kernel-security.py", line 1438, in
test_096_boot_symbols_unreadable
self.assertEqual(os.stat(name).st_mode & mask, expected, '%s is world
readable' % (name))
AssertionError: /boot/vmlinux-4.15.0-62-generic is world readable
----------------------------------------------------------------------
Ran 125 tests in 31.183s
FAILED (failures=1)
This currently affects ppc64el.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-signed/+bug/1843327/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
