tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: How to make module autoloading play nice with securelevel



On Sat, Oct 16, 2010 at 07:56:22PM -0700, Gary Thorpe wrote:
>
> Would it be useful to use digital signatures with kernel modules and
> have the user decide which signatures are "trusted" (including the
> options of accepting any or unsigned modules [all])? Is it infeasible,
> too hard or not very secure to do this?

No pubkey support in the software kernel crypto provider.  Given that,
it's just a SMOMP, where the "M" for "more programming" in this case means
"parsing horrible X.509 datastructures and making complex policy decisions
in-kernel".

Thor


Home | Main Index | Thread Index | Old Index