Since the cracker/hacker community is actively drooling over this route
to undermining security, isn't the time ripe to add some superior facilities
to control kernel-module loading and authenticate modules ?
As a first approach I was thinking generically of a matched set of kernel
and modules, that recognize and work with only each other.
Since the only cryptographic process here would be signing, I don't think
this would impact kernel distribution.
Naturally, there are other issues with modules that need to be
addressed....better to do so now before tools begin to appear.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/