On 2020/08/14 at 07:27am, Dale wrote:

> Peter Humphrey wrote:
> > I saw this today:
> >
> > https://linux.slashdot.org/story/20/08/13/174237/fbi-and-nsa-expose-new-linux-malware-drovorub-used-by-russian-state-hackers?utm_source=slashdot&utm_medium=twitter
> >
> > Has anyone any more info?

> It seems to affect only older kernels, before 3.7. So if you are
> above that, which I would think most Gentoo users would at least be in
> the 4 range or higher, then you should be OK. I checked and the oldest
> kernel version is 4.4 here. That's for gentoo-sources. Of course,
> one could download the original kernel sources I guess.

I think the 3.7 version is just because that was when kernel module
signing was introduced?

According to Ars:

The advisory also urged that, at a minimum, servers run Linux kernel
version 3.7 or later so that organizations can use improved
code-signing protections, which use cryptographic certificates to
ensure that an app, driver, or module comes from a known and trusted
source and hasn’t been tampered with by anyone else.

“Additionally, system owners are advised to configure systems to load
only modules with a valid digital signature making it more difficult
for an actor to introduce a malicious kernel module into the system,”
the advisory stated.

https://arstechnica.com/information-technology/2020/08/nsa-and-fbi-warn-that-new-linux-malware-threatens-national-security/

So, it sounds like you are not immune if you have 3.7+, just that you do
have some additional tools you could use to protect yourself. I use
Gentoo just at home for personal use, and it never even occurred to me
to use digital sigs for kernel modules.

I found this: https://wiki.gentoo.org/wiki/Signed_kernel_module_support
but haven't had time to try it yet. Does anyone have experience with
digitally signing kernel modules on Gentoo?

--
Chris Spackman (he/him) chris@××××××××××.com

ESL Coordinator The Graham Family of Schools
ESL Instructor Columbus State Community College
Japan Exchange and Teaching Program Wajima, Ishikawa 1995-1998
Linux user since 1998 Linux User #137532
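
An added example, not part of the original message or the Gentoo wiki: a POSIX shell check of whether a kernel enforces module signatures, as the quoted advisory recommends, and which loaded modules carry the unsigned-module taint flag. The function names and the sample data in `demo` are constructed for illustration; on a live system, pass a kernel config file (for instance the output of `zcat /proc/config.gz`, if the kernel provides it) and let the other paths default.

```shell
#!/bin/sh
# Added example: audit kernel module-signature policy (defensive check).

# sig_policy CONFIG [SIG_ENFORCE_PARAM] -> enforced | optional | unsupported
sig_policy() {
    cfg=$1
    param=${2:-/sys/module/module/parameters/sig_enforce}
    if grep -q '^CONFIG_MODULE_SIG_FORCE=y' "$cfg"; then
        echo enforced        # kernel built to reject unsigned modules
    elif [ -r "$param" ] && [ "$(cat "$param")" = Y ]; then
        echo enforced        # module.sig_enforce=1 was set at boot
    elif grep -q '^CONFIG_MODULE_SIG=y' "$cfg"; then
        echo optional        # signatures checked, unsigned modules still load
    else
        echo unsupported     # no signature checking compiled in
    fi
}

# unsigned_modules [MODULES_FILE] -> names of modules whose taint field
# (7th column of /proc/modules) contains 'E', the unsigned-module flag.
unsigned_modules() {
    awk '$7 ~ /E/ { print $1 }' "${1:-/proc/modules}"
}

# demo: run both checks on constructed sample data (not real system output).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'CONFIG_MODULES=y' 'CONFIG_MODULE_SIG=y' \
        '# CONFIG_MODULE_SIG_FORCE is not set' > "$d/config"
    printf 'N\n' > "$d/sig_enforce"
    cat > "$d/modules" <<'EOF'
ext4 700000 1 - Live 0xffffffffc0100000
vboxdrv 500000 2 - Live 0xffffffffc0200000 (OE)
nvidia 9000000 10 - Live 0xffffffffc0300000 (PO)
EOF
    echo "policy:   $(sig_policy "$d/config" "$d/sig_enforce")"
    echo "unsigned: $(unsigned_modules "$d/modules")"
    rm -rf "$d"
}
demo
```

A result of `optional` means the kernel verifies signatures but still loads unsigned modules; only `enforced` matches the advisory's "load only modules with a valid digital signature".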