Re: Fw: signed kernel modules?

From: Alan Cox
Date: Thu Oct 14 2004 - 19:51:34 EST

Next message: Adam Heath: "Re: [patch] Real-Time Preemption, -VP-2.6.9-rc4-mm1-U2"
Previous message: Rusty Russell: "Re: Fw: signed kernel modules?"
In reply to: Rusty Russell (IBM): "Re: Fw: signed kernel modules?"
Next in thread: Rusty Russell (IBM): "Re: Fw: signed kernel modules?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mer, 2004-10-13 at 23:40, Rusty Russell (IBM) wrote:
> > Whoops bang "num 0 elements". That check set isn't safe standalone
>
> Thanks, Alan.
>
> I'd appreciate your opinion on the issue at hand. Is it worth 600 lines
> of ELF verification and canonicalization code so we can strip modules
> without altering the signature?

I'm unconvinced at the moment, it seems it would be easier to write the
neccessary code to do this in userspace, and then sign the canonicalised
module so that the kernel interface is small and clean.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Adam Heath: "Re: [patch] Real-Time Preemption, -VP-2.6.9-rc4-mm1-U2"
Previous message: Rusty Russell: "Re: Fw: signed kernel modules?"
In reply to: Rusty Russell (IBM): "Re: Fw: signed kernel modules?"
Next in thread: Rusty Russell (IBM): "Re: Fw: signed kernel modules?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]