[Bug 1843327] [NEW] vmlinuz is world-readable

Mon, 09 Sep 2019 12:41:26 -0700 

Public bug reported:

[Impact]
ppc64el vmlinuz is world-readable, possibly impacting security on that platform.

[Test case]
Verify vmlinuz is not world-readable after the fix.

[Regression potential]
File permissions may be wrong, possibly allowing attack.


--------------------------------------------------------------------------

  ======================================================================
  FAIL: test_096_boot_symbols_unreadable (__main__.KernelSecurityTest)
  kernel addresses in /boot are not world readable
  ----------------------------------------------------------------------
  Traceback (most recent call last):
    File "./test-kernel-security.py", line 1438, in 
test_096_boot_symbols_unreadable
      self.assertEqual(os.stat(name).st_mode & mask, expected, '%s is world 
readable' % (name))
  AssertionError: /boot/vmlinux-4.15.0-62-generic is world readable
  
  ----------------------------------------------------------------------
  Ran 125 tests in 31.183s
  
  FAILED (failures=1)

This currently affects ppc64el.

** Affects: linux-signed (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: linux-signed (Ubuntu Bionic)
     Importance: Medium
     Assignee: Thadeu Lima de Souza Cascardo (cascardo)
         Status: In Progress

** Affects: linux-signed (Ubuntu Disco)
     Importance: Medium
     Assignee: Thadeu Lima de Souza Cascardo (cascardo)
         Status: In Progress

** Also affects: linux-signed (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Also affects: linux-signed (Ubuntu Disco)
   Importance: Undecided
       Status: New

** Changed in: linux-signed (Ubuntu Disco)
   Importance: Undecided => Medium

** Changed in: linux-signed (Ubuntu Bionic)
   Importance: Undecided => Medium

** Changed in: linux-signed (Ubuntu Disco)
       Status: New => In Progress

** Changed in: linux-signed (Ubuntu Bionic)
       Status: New => In Progress

** Changed in: linux-signed (Ubuntu Disco)
     Assignee: (unassigned) => Thadeu Lima de Souza Cascardo (cascardo)

** Changed in: linux-signed (Ubuntu Bionic)
     Assignee: (unassigned) => Thadeu Lima de Souza Cascardo (cascardo)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1843327

Title:
  vmlinuz is world-readable

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-signed/+bug/1843327/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to