On 2020/08/14 at 07:27am, Dale wrote:

> Peter Humphrey wrote:
> > I saw this today:
> >
> > https://linux.slashdot.org/story/20/08/13/174237/fbi-and-nsa-expose-new-linux-malware-drovorub-used-by-russian-state-hackers?utm_source=slashdot&utm_medium=twitter
> >
> > Has anyone any more info?

> It seems to affect only older kernels, before 3.7.  So if you are
> above that, which I would think most Gentoo users would at least be in
> the 4 range or higher, then you should be OK. I checked and the oldest
> kernel version is 4.4 here.  That's for gentoo-sources.  Of course,
> one could download the original kernel sources I guess. 

I think the 3.7 version is just because that was when kernel module
signing was introduced?

According to Ars:

  The advisory also urged that, at a minimum, servers run Linux kernel
  version 3.7 or later so that organizations can use improved
  code-signing protections, which use cryptographic certificates to
  ensure that an app, driver, or module comes from a known and trusted
  source and hasn’t been tampered with by anyone else.

  “Additionally, system owners are advised to configure systems to load
  only modules with a valid digital signature making it more difficult
  for an actor to introduce a malicious kernel module into the system,”
  the advisory stated.

https://arstechnica.com/information-technology/2020/08/nsa-and-fbi-warn-that-new-linux-malware-threatens-national-security/

So, it sounds like you are not immune if you have 3.7+, just that you do
have some additional tools you could use to protect yourself. I use
Gentoo just at home for personal use, and it never even occurred to me
to use digital sigs for kernel modules.

I found this: https://wiki.gentoo.org/wiki/Signed_kernel_module_support
but haven't had time to try it yet. Does anyone have experience with
digitally signing kernel modules on Gentoo?

-- 
Chris Spackman (he/him)                             ch...@osugisakae.com

ESL Coordinator                             The Graham Family of Schools
ESL Instructor                          Columbus State Community College
Japan Exchange and Teaching Program           Wajima, Ishikawa 1995-1998
Linux user since 1998                                 Linux User #137532
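
Added example, not part of the original message or of the Gentoo wiki page: a POSIX shell check of whether a kernel merely supports module signing or actually refuses unsigned modules, which is the distinction the advisory quote draws. The function names and the --live switch are assumptions of this sketch; the kernel options, the sysfs parameter and the trailer string are the standard ones.

```sh
#!/bin/sh
# module_sig_policy CONFIG_FILE [SIG_ENFORCE]
# Prints: unsupported | optional | enforced
#   CONFIG_FILE  plain-text kernel .config
#   SIG_ENFORCE  content of /sys/module/module/parameters/sig_enforce (Y/N),
#                which is Y when booted with module.sig_enforce=1
# Kernel lockdown can also require signatures; that is not checked here.
module_sig_policy() {
    if ! grep -q '^CONFIG_MODULE_SIG=y' "$1"; then
        echo unsupported        # signing code not built in (or kernel < 3.7)
    elif grep -q '^CONFIG_MODULE_SIG_FORCE=y' "$1" || [ "${2:-}" = "Y" ]; then
        echo enforced           # unsigned or badly signed modules are refused
    else
        echo optional           # unsigned modules still load, kernel is tainted
    fi
}

# module_is_signed FILE.ko
# True if the file ends with the signature trailer. This only shows that a
# signature is appended, not that it verifies against a trusted key.
# Compressed modules (.ko.xz, .ko.zst) must be decompressed first.
module_is_signed() {
    [ "$(tail -c 28 "$1" 2>/dev/null | tr -d '\0')" = "~Module signature appended~" ]
}

# Run against the live system only when asked: sh script.sh --live
if [ "${1:-}" = "--live" ]; then
    tmp=$(mktemp)
    if [ -r /proc/config.gz ]; then
        zcat /proc/config.gz > "$tmp"
    elif [ -r "/boot/config-$(uname -r)" ]; then
        cat "/boot/config-$(uname -r)" > "$tmp"
    else
        echo "no kernel config found" >&2; rm -f "$tmp"; exit 2
    fi
    enforce=$(cat /sys/module/module/parameters/sig_enforce 2>/dev/null || true)
    echo "policy: $(module_sig_policy "$tmp" "$enforce")"
    rm -f "$tmp"
fi
```

A result of "optional" matches the situation described above: a 3.7+ kernel has the tooling, but nothing stops an unsigned module from loading until enforcement is switched on.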

