Re: Fw: signed kernel modules?

From: Richard B. Johnson
Date: Fri Oct 15 2004 - 12:10:33 EST

Next message: Jeff Garzik: "Re: promise (105a:3319) unattended boot"
Previous message: Andrea Arcangeli: "Re: per-process shared information"
In reply to: Josh Boyer: "Re: Fw: signed kernel modules?"
Next in thread: David Woodhouse: "Re: Fw: signed kernel modules?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 15 Oct 2004, Josh Boyer wrote:

On Fri, 2004-10-15 at 10:53, Gene Heskett wrote:

cd linux-2.6;
patch -R -p1 < ../<modsign patch name>

josh

Yes, but what happens if it gets into the tarballs from kernel.org.

Stop this nonsense Linus, now.

While my original post was more of a symbolic "I think you're being a
bit over-dramatic" response, it's still valid once it's in a tarball
too. A tarball is just source that has the patch applied...

I personally don't see anything wrong with concept of signed modules.
Make it a config option and call it good. I'd probably never run with
signed modules with a kernel I built myself, but that's my choice.
Others can choose differently.

Let's separate the technical details from the opinions about whether
such a feature will end the free world as we know it or not. (Which it
won't).

josh

The technical details are that "signed", "sealed", "certified",
relate to policy. For years policy was not allowed to be included in
the kernel. In recent times, the kernel has become filthy with
policy.

For instance, a simple module that implements open/close has this

00000000 r __mod_license23
00000047 r __module_depends
00000020 r __mod_vermagic5
00000000 D __this_module
00000000 r ____versions

... used to enforce somebody's policy (whoever wrote the latest
module code), not your policy nor my policy, just someone's policy
which becomes the de-facto kernel "law". That's why there must
not be policy in the kernel because it's not possible to get
it right. What's right for you is wrong for another.

We let this start when there were problems with secret video
modules. Nobody wanted to debug a kernel that could be corrupted
by a module where nobody could read the source-code. So if there
isn't a MODULE_LICENSE("POLICY") then a 'tainted' mark goes
in any OOPS report. Well, they got away with that. It was
explained away as being "good" policy. Now they are making
more policy.

And, yes, the end-of-the-world-as-we-know-it, comes one interval
at a time.

Cheers,
Dick Johnson
Penguin : Linux version 2.6.8 on an i686 machine (5537.79 BogoMips).
Note 96.31% of all statistics are fiction.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jeff Garzik: "Re: promise (105a:3319) unattended boot"
Previous message: Andrea Arcangeli: "Re: per-process shared information"
In reply to: Josh Boyer: "Re: Fw: signed kernel modules?"
Next in thread: David Woodhouse: "Re: Fw: signed kernel modules?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]