Re: Fw: signed kernel modules?
From: Rusty Russell (IBM)
Date: Thu Oct 14 2004 - 20:01:50 EST
On Fri, 2004-10-15 at 09:44, Alan Cox wrote:
> On Mer, 2004-10-13 at 23:40, Rusty Russell (IBM) wrote:
> > > Whoops bang "num 0 elements". That check set isn't safe standalone
> >
> > Thanks, Alan.
> >
> > I'd appreciate your opinion on the issue at hand. Is it worth 600 lines
> > of ELF verification and canonicalization code so we can strip modules
> > without altering the signature?
>
> I'm unconvinced at the moment, it seems it would be easier to write the
> neccessary code to do this in userspace, and then sign the canonicalised
> module so that the kernel interface is small and clean.
Well, my original implementation carefully found the signature section,
copied it out and zeroed it, then checked the whole module. The two
objections David Howells had was (1) stripping the module after build
breaks this, and (2) his scheme uses straight GPG signatures and they
are of variable length: some wrapper would be needed to handle trailing
zeroes in the signature.
The advantage was the simplicity of the scheme: very short path the
module verification, and no canonicalization step.
Rusty.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/