Modules operate on _the same_ trust level as the kernel itself. If a
hacker can install a malicious module, he can as well install a
malicious kernel. (I.e. this attack is neither new nor a special Linux
risk, it just makes patching the kernel easier.)
So it is futile for the kernel to check module integrity - you need a
_higher_ trust level. "Higher trust level than the kernel" implies
media the kernel couldn't physically write to after the attack. I.e.
boot from a floppy and re-install everything from trusted media (CD,
backup tapes), check file signatures against separately stored media,
etc.
This applies above all to the kernel and module including their
respecitve sources. The next likely target are the standard system
utilities and compiler (as Thompson has proved, the compiler can never
be completely trusted, and this is an old hat too, but the probability
of a Thompson attack actually occuring is much lower than someone just
poking in the kernel sources...)
olaf