Re: Future Linux devel. Kernels

From: Ed Carp (erc@pobox.com)
Date: Sun May 07 2000 - 20:52:12 EST


Alan Cox (alan@lxorguk.ukuu.org.uk) writes:

> > Signatures don't make the kernel any more secure, they just give the illusion
> > of security - IMO, the worst possible kind.
>
> They are very valuable for distribution of modules. For example in ensuring
> a Red Hat or Debian kernel package isn't tampered with. At runtime I tend to
> agree.

I didn't think the discussion was about module distribution, but about module
insertion, unless I missed something somewhere. Distribution, yes -
insertion, no.

> There are system setups where signed binaries are a very powerful security
> feature but it is not enough to simply sign binaries, you have to review
> every syscall capable interpreter too.

Signed binaries and signed loadable modules are but one small link in the
chain of security. Libraries, too, must be signed and verified as well. It's
not just a case of "using signed modules" and presto, your kernel is secure.
Those in the security industry know this sort of showboating is meaningless
without further security measures. So is, by the way, the STO hack that
someone mentioned earlier - you can only hide something so long, and with an
open source OS, it's almost impossible.

> Signed binaries don't stop glorious hacks and apps in perl

Agreed, and as long as "root is god", no signed binary or module in the world
is going to stop a determined cracker. Then, it's just a matter of time
before someone packages the crack and throws it to the four winds of the net,
free for the taking by every script kiddie on the net.
