Date: Sun, 21 May 2017 16:51:53 -0700
From: Conrad Meyer <cem@freebsd.org>
To: Eric McCorkle <eric@metricspace.net>
Cc: "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org>, freebsd-security@freebsd.org
Subject: Re: Proposal for a design for signed kernel/modules/etc
Message-ID: <CAG6CVpVXyy4vgkKn_7T1Bw_uth0eS63DiFAOV8ZdecaUmeHFaA@mail.gmail.com>
In-Reply-To: <e7932a8c-ab0d-4506-ba51-385f39809037@metricspace.net>
References: <6f6b47ed-84e0-e4c0-9df5-350620cff45b@metricspace.net> <20170327183735.uokjhjaafkawc2id@mutt-hbsd> <e7932a8c-ab0d-4506-ba51-385f39809037@metricspace.net>
Hi Eric,

On Wed, Mar 29, 2017 at 7:22 PM, Eric McCorkle <eric@metricspace.net> wrote:
> ...
> == Specifics ==
>
> ...
>
> * A signed ELF will definitely contain a .sign section containing a
> single detached signature in PKCS#7 format with DER encoding.

I'm concerned about the complexity of parsing PKCS#7 (including ASN.1) in places that need to validate signed objects. In particular, the kernel (for runtime-loaded objects). Complex parsers are a common source of security bugs, so PKCS#7 doesn't seem like a good fit for security-critical code like the kernel syscall interface.

Could a more minimal format take the place of PKCS#7 in .sign sections?

Thanks,
Conrad
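As an added illustration of the kind of minimal .sign format Conrad is asking about (example code written for this page, not part of Eric's proposal or of FreeBSD), here is a fixed-layout signature record and its parser in C. The field layout, the "FSIG" magic, the algorithm id and the Ed25519 signature length are assumptions of the example; the cryptographic verification itself is left to the caller, which receives bounds-checked pointers to the key id and signature bytes. The sample record is constructed with dummy key-id and signature bytes purely to exercise the parser.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical fixed-layout .sign record (added example, not the
 * proposal's format). Every field has a fixed width and offset, so the
 * parser needs no length-of-length decoding, nesting or recursion.
 *
 *   offset  size  field
 *   0       4     magic "FSIG"
 *   4       1     format version, must be 1
 *   5       1     algorithm id (1 = Ed25519, assumed)
 *   6       2     signature length, little-endian, must match the algorithm
 *   8       32    key identifier (e.g. hash of the trusted public key)
 *   40      n     raw signature bytes, nothing after them
 */
#define SIGN_MAGIC          "FSIG"
#define SIGN_VERSION        1
#define SIGN_ALG_ED25519    1
#define SIGN_ED25519_SIGLEN 64
#define SIGN_KEYID_LEN      32
#define SIGN_HEADER_LEN     40

enum sign_err {
	SIGN_OK = 0,
	SIGN_ERR_TRUNCATED,	/* shorter than the layout requires */
	SIGN_ERR_MAGIC,
	SIGN_ERR_VERSION,
	SIGN_ERR_ALG,		/* unknown algorithm id */
	SIGN_ERR_SIGLEN,	/* declared length disagrees with algorithm */
	SIGN_ERR_TRAILING	/* bytes after the signature */
};

struct sign_record {
	uint8_t version;
	uint8_t alg;
	uint16_t siglen;
	const uint8_t *keyid;	/* points into the caller's buffer */
	const uint8_t *sig;	/* points into the caller's buffer */
};

static size_t
sign_alg_siglen(uint8_t alg)
{
	return (alg == SIGN_ALG_ED25519 ? SIGN_ED25519_SIGLEN : 0);
}

/*
 * Parse a .sign section. Each check compares a field at a constant offset
 * against a constant or against buf_len; no field can move another field.
 */
enum sign_err
sign_parse(const uint8_t *buf, size_t buf_len, struct sign_record *out)
{
	size_t want;

	if (buf == NULL || out == NULL || buf_len < SIGN_HEADER_LEN)
		return (SIGN_ERR_TRUNCATED);
	if (memcmp(buf, SIGN_MAGIC, 4) != 0)
		return (SIGN_ERR_MAGIC);
	if (buf[4] != SIGN_VERSION)
		return (SIGN_ERR_VERSION);
	want = sign_alg_siglen(buf[5]);
	if (want == 0)
		return (SIGN_ERR_ALG);
	/* The declared length is redundant with the algorithm; they must agree. */
	if ((size_t)(buf[6] | (buf[7] << 8)) != want)
		return (SIGN_ERR_SIGLEN);
	/* Exact size: reject truncation and silently-ignored trailing data. */
	if (buf_len < SIGN_HEADER_LEN + want)
		return (SIGN_ERR_TRUNCATED);
	if (buf_len > SIGN_HEADER_LEN + want)
		return (SIGN_ERR_TRAILING);

	out->version = buf[4];
	out->alg = buf[5];
	out->siglen = (uint16_t)want;
	out->keyid = buf + 8;
	out->sig = buf + SIGN_HEADER_LEN;
	return (SIGN_OK);
}

/* Constructed sample record; key id and signature bytes are dummies. */
size_t
sign_build_sample(uint8_t *buf, size_t buf_len)
{
	const size_t total = SIGN_HEADER_LEN + SIGN_ED25519_SIGLEN;

	if (buf_len < total)
		return (0);
	memcpy(buf, SIGN_MAGIC, 4);
	buf[4] = SIGN_VERSION;
	buf[5] = SIGN_ALG_ED25519;
	buf[6] = SIGN_ED25519_SIGLEN & 0xff;
	buf[7] = SIGN_ED25519_SIGLEN >> 8;
	memset(buf + 8, 0xab, SIGN_KEYID_LEN);
	memset(buf + SIGN_HEADER_LEN, 0xcd, SIGN_ED25519_SIGLEN);
	return (total);
}

/*
 * Build the sample, mangle it (drop bytes from the end, append zero bytes,
 * replace the algorithm id, corrupt the magic) and return the parse result.
 */
enum sign_err
sign_demo_case(size_t drop, size_t extra, uint8_t alg, int corrupt_magic)
{
	uint8_t buf[SIGN_HEADER_LEN + SIGN_ED25519_SIGLEN + 16];
	struct sign_record rec;
	size_t len = sign_build_sample(buf, sizeof(buf));

	if (drop > len)
		drop = len;
	if (extra > 16)
		extra = 16;
	buf[5] = alg;
	if (corrupt_magic)
		buf[0] = 'X';
	memset(buf + len, 0, extra);
	return (sign_parse(buf, len - drop + extra, &rec));
}

int
main(void)
{
	uint8_t buf[SIGN_HEADER_LEN + SIGN_ED25519_SIGLEN];
	struct sign_record rec;
	size_t len = sign_build_sample(buf, sizeof(buf));
	enum sign_err err = sign_parse(buf, len, &rec);

	if (err != SIGN_OK) {
		printf("parse failed: %d\n", (int)err);
		return (1);
	}
	printf("version %u alg %u siglen %u keyid[0]=%02x sig[0]=%02x\n",
	    (unsigned)rec.version, (unsigned)rec.alg, (unsigned)rec.siglen,
	    (unsigned)rec.keyid[0], (unsigned)rec.sig[0]);
	return (0);
}
```

What this layout deliberately leaves out is the part of DER that makes ASN.1 parsers hard to get right: tag/length/value recursion, long-form and indefinite lengths, OID decoding, and optional or context-tagged fields whose presence changes every later offset. The exact-size check also closes the usual gap where a parser consumes what it understands and ignores the rest. With a record like this, the kernel-side path reduces to looking up `keyid` in the trusted key set and making one verify call over the object and `sig`; certificate chains, if they are wanted at all, can be processed in userland where a full PKCS#7 parser is less dangerous.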