| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 14 Feb 2007 22:14:53 -0800 From: Andreas Gruenbacher <agruen@...e.de> To: Dave Jones <davej@...hat.com> Cc: Andrew Morton <akpm@...ux-foundation.org>, David Howells <dhowells@...hat.com>, torvalds@...ux-foundation.org, herbert.xu@...hat.com, linux-kernel@...r.kernel.org, arjan@...radead.org, linux-crypto@...r.kernel.org Subject: Re: [PATCH 0/6] MODSIGN: Kernel module signing On Wednesday 14 February 2007 21:45, Dave Jones wrote: > well, the situation for external modules is no worse than usual. > They still work, they just aren't signed. Which from a distributor point > of view, is actually a nice thing, as they stick out like a sore thumb > in oops reports with (U) markers :) I agree, that's really what should happen. We solve this by marking modules as supported, partner supported, or unsupported, but in an "insecure" way, so partners and users could try to fake the support status of a module and/or remove status flags from Oopses, and cryptography wouldn't save us. We could try to sign Oopses which I guess you guys are doing. This whole issue hasn't been a serious problem in the past though, and we generally try to trust users not to play games on us. In the end, it all seems to boils down to a difference in philosophy. Thanks, Andreas - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists