disable sha-1 hashing for policy for Ubuntu Touch

Bug #1383886 reported by Jamie Strandboge on 2014-10-21
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
AppArmor
Medium
John Johansen
linux (Ubuntu)
Medium
John Johansen
linux-flo (Ubuntu)
Medium
John Johansen
linux-goldfish (Ubuntu)
Medium
John Johansen
linux-hammerhead (Ubuntu)
Medium
John Johansen
linux-mako (Ubuntu)
Medium
John Johansen
linux-manta (Ubuntu)
Medium
John Johansen

Bug Description

Currently there is a compile time option to disable/enable sha-1 hashing of profiles. While enabling this option is useful for debugging, it can incur a 1 second cache load penalty on Ubuntu Touch with ~100 profiles. Upstream task is to make this runtime/boot time configurable.

CVE References

Changed in linux-flo (Ubuntu):
status: New → Triaged
Changed in linux-goldfish (Ubuntu):
status: New → Triaged
Changed in linux-hammerhead (Ubuntu):
status: New → Triaged
Changed in linux-mako (Ubuntu):
status: New → Triaged
Changed in linux-manta (Ubuntu):
status: New → Triaged
importance: Undecided → Medium
Changed in linux-mako (Ubuntu):
importance: Undecided → Medium
Changed in linux-hammerhead (Ubuntu):
importance: Undecided → Medium
Changed in linux-goldfish (Ubuntu):
importance: Undecided → Medium
Changed in linux-flo (Ubuntu):
importance: Undecided → Medium
description: updated
Revision history for this message
Tyler Hicks (tyhicks) wrote :

John has written a patch and sent it to the upstream AppArmor list:

  https://lists.ubuntu.com/archives/apparmor/2014-October/006696.html

This patch now should be sent to the Ubuntu Kernel Team list for inclusion in the Ubuntu kernels.

Changed in apparmor:
assignee: nobody → John Johansen (jjohansen)
status: Triaged → In Progress
Changed in linux-flo (Ubuntu):
assignee: nobody → John Johansen (jjohansen)
Changed in linux-goldfish (Ubuntu):
assignee: nobody → John Johansen (jjohansen)
Changed in linux-hammerhead (Ubuntu):
assignee: nobody → John Johansen (jjohansen)
Changed in linux-mako (Ubuntu):
assignee: nobody → John Johansen (jjohansen)
Changed in linux-manta (Ubuntu):
assignee: nobody → John Johansen (jjohansen)
Andy Whitcroft (apw) on 2014-12-11
Changed in linux (Ubuntu):
assignee: nobody → John Johansen (jjohansen)
status: New → Triaged
importance: Undecided → Medium
status: Triaged → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.18.0-8.9

---------------
linux (3.18.0-8.9) vivid; urgency=low

  [ Leann Ogasawara ]

  * Release Tracking Bug
    - LP: #1407692
  * rebase to v3.18.1
  * ubuntu: AUFS -- Resolve build failure union has no member named
    'd_child'

  [ Upstream Kernel Changes ]

  * arm64: optimized copy_to_user and copy_from_user assembly code
    - LP: #1400349
  * x86, kvm: Clear paravirt_enabled on KVM guests for espfix32's benefit
    - LP: #1400314
    - CVE-2014-8134
  * rebase to v3.18.1
 -- Leann Ogasawara <email address hidden> Mon, 05 Jan 2015 09:12:32 -0800

Changed in linux (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers