Re: Future Linux devel. Kernels

From: Alan Cox (alan@lxorguk.ukuu.org.uk)
Date: Sun May 07 2000 - 16:35:04 EST


> Signatures don't make the kernel any more secure, they just give the illusion
> of security - IMO, the worst possible kind.

They are very valuable for distribution of modules. For example in ensuring
a Red Hat or Debian kernel package isnt tampered with. At runtime I tend to
agree.

There are system setups where signed binaries are a very powerful security
feature but it is not enough to simply sign binaries, you have to review
every syscall capable interpreter too.

Signed binaries doesn't stop glorious hacks and apps in perl

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Sun May 07 2000 - 21:00:21 EST