Subject: Re: LKM
To: Lennart Augustsson <lennart@augustsson.net>
From: Hubert Feyrer <hubert.feyrer@informatik.fh-regensburg.de>
List: tech-security
Date: 09/14/2001 20:03:59
[trimmed list of lists this goes to]

On Fri, 14 Sep 2001, Lennart Augustsson wrote:
> > Is there any mechanisms that verify that the code in "loadable kernel
> > modules" is safe and does not perform operations compromising system
> > integrity?
> 
> Yes, but none of these are available in NetBSD (or any other widespread
> OS, AFAIK).  One such technique is called proof carrying code.  Each piece
> of code loaded into the kernel is accompanied by a (formal) proof that it
> does no damage.  Before loading the code the proof+code is run through
> a proof checker.

Isn't that similar to the "driver signing" WinXP does?

On a related note, IIRC there's some work going on about allowing only
signed binaries to run. Maybe that could be extended to LKMs somehow.


 - Hubert

-- 
Want to get a clue on IPv6 but don't know where to start? Try this:
* Basics -> http://www.onlamp.com/pub/a/onlamp/2001/05/24/ipv6_tutorial.html
* Setup  -> http://www.onlamp.com/pub/a/onlamp/2001/06/01/ipv6_tutorial.html
Of course with your #1 IPv6 ready operating system -> http://www.NetBSD.org/