Menu
▾
▴
#23 Segmentation fault when no SHA1 kernel module
Do the following:
- sign binaries with Bsign
- load the DigSig kernel module but NOT the sha1 kernel
module (sha1.ko) -- this implies your kernel has been
configured with CONFIG_SHA1=m (not y).
- try to launch the signed binary
=> you'll get a segmentation fault. We should improve
that, and rather return operation not permitted,
because the problem is the signature could not be
verified because the SHA1 module could not get initialized.
Example:
# ./ls -al
Segmentation fault
# tail /var/log/messages
Sep 27 15:36:32 kernel: DIGSIG MODULE - binary is
ld-2.2.5.so
Sep 27 15:36:32 kernel: DIGSIG MODULE Error -
digsig_file_mmap: Signature
not found for the binary: ld-2.2.5.so !
Sep 27 15:36:32 kernel: DIGSIG MODULE - binary is
libc-2.2.5.so
Sep 27 15:36:32 kernel: DIGSIG MODULE Error -
digsig_file_mmap: Signature
not found for the binary: libc-2.2.5.so !
Sep 27 15:36:32 kernel: DIGSIG MODULE Error - tfm
allocation failed
Sep 27 15:36:32 kernel: DIGSIG MODULE Error -
Initializing SHA1 failed
Sep 27 15:36:32 kernel: DIGSIG MODULE -
digsig_verify_signature: Cannot a
llocate crypto context.
Sep 27 15:36:32 kernel: DIGSIG MODULE -
digsig_file_mmap: Signature verif
ication failed because of errors: -12 for ls
Sep 27 15:36:32 kernel: DIGSIG MODULE - binary is
ld-2.2.5.so
Sep 27 15:36:32 kernel: DIGSIG MODULE Error -
digsig_file_mmap: Signature
not found for the binary: ld-2.2.5.so !