Re: Fw: signed kernel modules?

From: Tonnerre
Date: Fri Oct 15 2004 - 15:17:19 EST


Salut,

On Fri, Oct 15, 2004 at 12:46:06PM -0500, Josh Boyer wrote:
> I'd disagree. Do you consider SELinux to be policy as well just because
> it's in the kernel?
>
> As David said in his response, it's a mechanism. Whether _you_ choose
> to use it or not decides the "policy". That's why I said put a config
> option around it. You would still have _choice_.

Actually, even though I agree that Richard is overdramatizing, his
point is not completely invalid. Remembering the trusted computing
initiative, it's always a question of who holds the keys to your
computer. In our case it's no problem, since we compile all the
software on the computer ourselves, and thus we have full control over
what we do.

What trusted computing revealed is that there is at least amongst some
companies a desire to be able to dictate what's going on on your
computer. Think Disney here.

Sure, TCPA is dead. But I've seen a TPM chip. On an Intel test board.
IBM has them as well. I agree that we can trust all these entities
now. But what's going to happen ten years from now? We don't know.

I'm not proclaiming paranoia. I don't say we should burn this patch
alive. I only say that from time to time we have to take care of not
getting to the Wernher von Braun excuse.

Tonnerre

PS. I did a module signing patch some years ago. I did a framework. I
did tests. I got scared of its power. All I say is, take care.

Attachment: signature.asc
Description: Digital signature