Re: [PATCH 0/6] MODSIGN: Kernel module signing

From: Andreas Gruenbacher
Date: Thu Feb 15 2007 - 01:15:32 EST

Next message: Neil Brown: "Re: GPL vs non-GPL device drivers"
Previous message: Dave Jones: "Re: GPL vs non-GPL device drivers"
In reply to: Dave Jones: "Re: [PATCH 0/6] MODSIGN: Kernel module signing"
Next in thread: Dave Jones: "Re: [PATCH 0/6] MODSIGN: Kernel module signing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wednesday 14 February 2007 21:45, Dave Jones wrote:
> well, the situation for external modules is no worse than usual.
> They still work, they just aren't signed. Which from a distributor point
> of view, is actually a nice thing, as they stick out like a sore thumb
> in oops reports with (U) markers :)

I agree, that's really what should happen. We solve this by marking modules as
supported, partner supported, or unsupported, but in an "insecure" way, so
partners and users could try to fake the support status of a module and/or
remove status flags from Oopses, and cryptography wouldn't save us. We could
try to sign Oopses which I guess you guys are doing. This whole issue hasn't
been a serious problem in the past though, and we generally try to trust
users not to play games on us.

In the end, it all seems to boils down to a difference in philosophy.

Thanks,
Andreas
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Neil Brown: "Re: GPL vs non-GPL device drivers"
Previous message: Dave Jones: "Re: GPL vs non-GPL device drivers"
In reply to: Dave Jones: "Re: [PATCH 0/6] MODSIGN: Kernel module signing"
Next in thread: Dave Jones: "Re: [PATCH 0/6] MODSIGN: Kernel module signing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]