Re: Fw: signed kernel modules?

From: Gene Heskett
Date: Fri Oct 15 2004 - 11:01:36 EST


On Friday 15 October 2004 10:01, David Woodhouse wrote:
>On Fri, 2004-10-15 at 13:12 +0200, Roman Zippel wrote:
>> > I've uploaded an updated module signing patch with Rusty's
>> > suggested additions:
>>
>> Can someone please put this patch into some context, where it's
>> not completely pointless? As is it does not make anything more
>> secure. Why is the kernel more trustable than a kernel module?
>
>Because it's not that hard to put the kernel onto read-only media or
> in a flash chip to which you physically cut the Vpen line.
>
>One solution is just to disallow modules altogether -- but that
> isn't really ideal in a number of cases. Allowing only certain
> _known_ modules is a more functional solution.

The point being that who decides what is a known module?

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
99.27% setiathome rank, not too shabby for a WV hillbilly
Yahoo.com attorneys please note, additions to this message
by Gene Heskett are:
Copyright 2004 by Maurice Eugene Heskett, all rights reserved.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/