| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 05 Jun 2012 09:53:30 +0930 From: Rusty Russell <rusty@...tcorp.com.au> To: Josh Boyer <jwboyer@...il.com> Cc: David Howells <dhowells@...hat.com>, kyle@...artin.ca, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, keyrings@...ux-nfs.org Subject: Re: [PATCH 00/23] Crypto keys and module signing On Mon, 4 Jun 2012 09:38:43 -0400, Josh Boyer <jwboyer@...il.com> wrote: > On Sun, Jun 3, 2012 at 9:16 PM, Rusty Russell <rusty@...tcorp.com.au> wrote: > > Mangling a module after it is signed is very odd, and odd things aren't > > nice for security features. That's how we got here; I'm trying to move > > the oddness out of the verification path. > > It's unfortunate, yes. The biggest case I can think of is splitting > the debug symbols out of the modules after they are built (David might > have other cases). Perhaps we could upstream that as well and > organize it such that the modules are built, split for debuginfo, and > then signed? That was my original suggestion. Just prepare all the module variants at build time, and sign them all. See: https://lkml.org/lkml/2011/12/10/16 Cheers, Rusty. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists