Re: [PATCH 0/3] ELF executable signing and verification

From: Vivek Goyal
Date: Thu Jan 17 2013 - 12:25:27 EST


On Thu, Jan 17, 2013 at 06:22:47PM +0200, Kasatkin, Dmitry wrote:

[..]
> > Currently it is expected to use these patches only for statically linked
> > executables. No dynamic linking. In fact patches specifically disable
> > calling the interpreter. This does not prevent somebody from using dlopen()
> > stuff. So don't sign binaries which do that.
>
> How are dynamic linking and the interpreter related?

Well, the interpreter will do the dynamic linking automatically? So I blocked
that.

>
> This is rather policy than enforcement.
> Protection works only for statically linked binaries, because dynamic
> libraries are not verified.

Agreed.

Thanks
Vivek
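
A pre-signing check matching the restriction discussed in this thread, as an added example that is not part of the original mail or the patch set: it reads an ELF image's program headers and refuses anything with a PT_INTERP or PT_DYNAMIC segment. The function names and the refuse-on-PT_DYNAMIC policy are assumptions, the sample images are constructed, and header inspection cannot tell whether a static binary calls dlopen().

```python
import struct

PT_DYNAMIC, PT_INTERP = 2, 3  # p_type values from the ELF specification

def segment_types(data):
    """Return the p_type of every program header in an ELF image."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] not in (1, 2) or data[5] not in (1, 2):
        raise ValueError("unknown EI_CLASS or EI_DATA")
    end = "<" if data[5] == 1 else ">"            # EI_DATA: 1 little, 2 big endian
    # e_type, e_machine, e_version, e_entry, e_phoff, e_shoff, e_flags,
    # e_ehsize, e_phentsize, e_phnum (address-sized fields differ by EI_CLASS)
    fmt = end + ("HHIQQQIHHH" if data[4] == 2 else "HHIIIIIHHH")
    if len(data) < 16 + struct.calcsize(fmt):
        raise ValueError("truncated ELF header")
    fields = struct.unpack_from(fmt, data, 16)
    phoff, phentsize, phnum = fields[4], fields[8], fields[9]
    if phnum and (phentsize < 4 or phoff + phnum * phentsize > len(data)):
        raise ValueError("program header table out of bounds")
    # p_type is the first 32-bit word of both Elf32_Phdr and Elf64_Phdr
    return [struct.unpack_from(end + "I", data, phoff + i * phentsize)[0]
            for i in range(phnum)]

def signing_verdict(data):
    """(eligible, reason). Assumed policy: sign only fully static binaries."""
    types = segment_types(data)
    if PT_INTERP in types:
        return False, "PT_INTERP present: an interpreter would do dynamic linking"
    if PT_DYNAMIC in types:
        return False, "PT_DYNAMIC present: not a plain static executable"
    return True, "no PT_INTERP or PT_DYNAMIC segment"

def make_elf(ptypes):
    """Constructed sample: ELF64 little-endian header plus program headers only."""
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, len(ptypes), 0, 0, 0)
    return ehdr + b"".join(struct.pack("<IIQQQQQQ", t, 0, 0, 0, 0, 0, 0, 0)
                           for t in ptypes)

if __name__ == "__main__":
    for name, img in [("static", make_elf([1, 1])),
                      ("dynamic", make_elf([6, 3, 1, 2]))]:
        print(name, signing_verdict(img))
```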