During the attempt to disable the kernel module signing
verification in some android kernel, I came across that
the public_key_subtype in asymmetric_keys/public_key.c
which has following declarations:
struct asymmetric_key_subtype public_key_subtype = {
...
.describe = public_key_describe,
.destroy = public_key_destroy,
.verify_signature = public_key_verify_signature_2,
};
As long as I have root access and /dev/mem access available,
it seems to be quite easy to have kernel module signing
verification workarounded by just simply assign the address
of public_key_describe() to the .verify_signature data member.
This could be avoided by adding const to the data structure to
make all the data members ready only.
Signed-off-by: zibo zhao <[email protected]>
---
crypto/asymmetric_keys/public_key.c | 2 +-
crypto/asymmetric_keys/public_key.h | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/asymmetric_keys/public_key.c
b/crypto/asymmetric_keys/public_key.c
index 2f6e4fb..bf921b8 100644
--- a/crypto/asymmetric_keys/public_key.c
+++ b/crypto/asymmetric_keys/public_key.c
@@ -118,7 +118,7 @@ static int public_key_verify_signature_2(const struct key
*key,
/*
* Public key algorithm asymmetric key subtype
*/
-struct asymmetric_key_subtype public_key_subtype = {
+const struct asymmetric_key_subtype public_key_subtype = {
.owner = THIS_MODULE,
.name = "public_key",
.name_len = sizeof("public_key") - 1,
diff --git a/crypto/asymmetric_keys/public_key.h
b/crypto/asymmetric_keys/public_key.h
index 5c37a22..751f5c3 100644
--- a/crypto/asymmetric_keys/public_key.h
+++ b/crypto/asymmetric_keys/public_key.h
@@ -13,7 +13,7 @@
#include <crypto/public_key.h>
-extern struct asymmetric_key_subtype public_key_subtype;
+extern const struct asymmetric_key_subtype public_key_subtype;
/*
* Public key algorithm definition.
--
1.9.1
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
