[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: kernel module loading vs securelevel
On Mon, 18 Oct 2010 09:31:32 -0400
Steven Bellovin <smb%cs.columbia.edu@localhost> wrote:
> Signatures provide *authentication*; what is needed here is *authorization*.
While I agree, there also are situations were both can be welcome...
Another solution someone proposed which I like is hashing the modules
to then at load time rehash and match a module against the hash set,
which would be a simpler, shorter-term solution. I think that
embedding the hashes set in the kernel image would be safer than using
a file, however. Unfortunately, this makes developing, installing or
upgrading a module less friendly as the kernel image has to be
refreshed and the system rebooted.
Main Index |
Thread Index |