| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87ip6phmo4.fsf@rustcorp.com.au> Date: Tue, 22 Jan 2013 14:52:19 +1030 From: Rusty Russell <rusty@...abs.org> To: Vivek Goyal <vgoyal@...hat.com>, linux-kernel@...r.kernel.org Cc: ebiederm@...ssion.com, zohar@...ux.vnet.ibm.com, pjones@...hat.com, hpa@...or.com, dhowells@...hat.com, jwboyer@...hat.com, vgoyal@...hat.com, "Mimi Zohar" <zohar@...ux.vnet.ibm.com> Subject: Re: [PATCH 0/3] ELF executable signing and verification Vivek Goyal <vgoyal@...hat.com> writes: > Hi, > > This is a very crude RFC for ELF executable signing and verification. This > has been done along the lines of module signature verification. Yes, but I'm the first to admit that's the wrong lines. The reasons we didn't choose that for module signatures: 1) I was unaware of it, 2) We didn't have a file descriptor in the module syscall, and 3) It needs attributes, and we don't understand xattrs in cpio (though bsdcpio does). #1 and #2 are no longer true; #3 is a simple matter of coding. Since signing binaries is the New Hotness, I'd prefer not to keep reiterating this discussion every month. Let's beef up IMA instead... Thanks, Rusty. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists