Re: Future Linux devel. Kernels

From: Ed Carp (erc@pobox.com)
Date: Sun May 07 2000 - 12:51:53 EST

Next message: Guest section DW: "Re: 2.2.15 multicast list set .. from a timer routine"
Previous message: Ed Carp: "Re: Future Linux devel. Kernels"
Maybe in reply to: Ron Van Dam: "Future Linux devel. Kernels"
Next in thread: Alan Cox: "Re: Future Linux devel. Kernels"
Reply: Alan Cox: "Re: Future Linux devel. Kernels"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Ron Van Dam (rvandam@liwave.com) writes:

> Enable Kernel Module signatures so any foriegn kernel modules will be
> refused. (to avoid Kernel Module hacking).

I don't understand the reason for this - either the permissions are set up
correctly in the file system for the module directory or they aren't. If they
are, then if a cracker gets past that, they've got your whole system anyway,
and if they aren't, you're screwed anyway.

Signatures don't make the kernel any more secure, they just give the illusion
of security - IMO, the worst possible kind.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Guest section DW: "Re: 2.2.15 multicast list set .. from a timer routine"
Previous message: Ed Carp: "Re: Future Linux devel. Kernels"
Maybe in reply to: Ron Van Dam: "Future Linux devel. Kernels"
Next in thread: Alan Cox: "Re: Future Linux devel. Kernels"
Reply: Alan Cox: "Re: Future Linux devel. Kernels"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Sun May 07 2000 - 21:00:21 EST