Re: Fw: signed kernel modules?

[Bodo Eggert]

Richard B. Johnson wrote:

> One can make a 'certified' kernel with 'certified' modules
> for some hush-hush project. Adding this kind of junk isn't
> how it's done. You just take your favorite kernel with the
> modules you require, you verify that it meets your security
> requirements, then you CRC the kernel and its modules. You
> keep the CRCs somewhere safe, available from a read-only
> source like a CD/ROM or a network file-server. You automatically
> check these CRCs occasionally using a read-only program on
> read-only source like the network or a CD/ROM. If the checks
> fail, you call the "super" and shut down the system.

If a malicious module loads, you lose instantly. You cannot relaibly check
module integrity on this system anymore. E.g. the malicious module might
patch the module checker to check a signed module instead of the malicious
one. Or the Exploit saves the old module, puts in the patched one, loads it
and puts the old one back in place.

Therefore you have to check on loading the module, independent from the
program loading the module. (Or you'd have to check the program loading the
module and provide a reliable way to prevent any race condition, which
would be much harder.)
-- 
Our last fight was my fault: My wife asked me "What's on the TV?"
I said, "Dust!"

Friß, Spammer: customerservice@xxxxxxxxxxxxxx gap@xxxxxxxxxxx
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/