Public bug reported: [Impact] ppc64el vmlinuz is world-readable, possibly impacting security on that platform.
[Test case] Verify vmlinuz is not world-readable after the fix. [Regression potential] File permissions may be wrong, possibly allowing attack. -------------------------------------------------------------------------- ====================================================================== FAIL: test_096_boot_symbols_unreadable (__main__.KernelSecurityTest) kernel addresses in /boot are not world readable ---------------------------------------------------------------------- Traceback (most recent call last): File "./test-kernel-security.py", line 1438, in test_096_boot_symbols_unreadable self.assertEqual(os.stat(name).st_mode & mask, expected, '%s is world readable' % (name)) AssertionError: /boot/vmlinux-4.15.0-62-generic is world readable ---------------------------------------------------------------------- Ran 125 tests in 31.183s FAILED (failures=1) This currently affects ppc64el. ** Affects: linux-signed (Ubuntu) Importance: Undecided Status: New ** Affects: linux-signed (Ubuntu Bionic) Importance: Medium Assignee: Thadeu Lima de Souza Cascardo (cascardo) Status: In Progress ** Affects: linux-signed (Ubuntu Disco) Importance: Medium Assignee: Thadeu Lima de Souza Cascardo (cascardo) Status: In Progress ** Also affects: linux-signed (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: linux-signed (Ubuntu Disco) Importance: Undecided Status: New ** Changed in: linux-signed (Ubuntu Disco) Importance: Undecided => Medium ** Changed in: linux-signed (Ubuntu Bionic) Importance: Undecided => Medium ** Changed in: linux-signed (Ubuntu Disco) Status: New => In Progress ** Changed in: linux-signed (Ubuntu Bionic) Status: New => In Progress ** Changed in: linux-signed (Ubuntu Disco) Assignee: (unassigned) => Thadeu Lima de Souza Cascardo (cascardo) ** Changed in: linux-signed (Ubuntu Bionic) Assignee: (unassigned) => Thadeu Lima de Souza Cascardo (cascardo) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1843327 Title: vmlinuz is world-readable To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-signed/+bug/1843327/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs