tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: How to make module autoloading play nice with securelevel



On Sun, Oct 17, 2010 at 08:09:24AM -0400, Thor Lancelot Simon wrote:
> On Sat, Oct 16, 2010 at 07:56:22PM -0700, Gary Thorpe wrote:
> >
> > Would it be useful to use digital signatures with kernel modules and
> > have the user decide which signatures are "trusted" (including the
> > options of accepting any or unsigned modules [all])? Is it infeasible,
> > too hard or not very secure to do this?
> 
> No pubkey support in the software kernel crypto provider.  Given that,
> it's just a SMOMP, where the "M" for "more programming" in this case means
> "parsing horrible X.509 datastructures and making complex policy decisions
> in-kernel".


Is that all necessary?  Is it not sufficient to just have an immutable
file with one-way hashes for all modules?  Then you have only one file
to protect, and it can be loaded into the kernel at boot-time, so no
mounting-over etc to consider.  And the modules can be stored anywhere.


        Geert


-- 
Geert Hendrickx  -=-  ghen%telenet.be@localhost  -=-  PGP: 0xC4BB9E9F
This e-mail was composed using 100% recycled spam messages!


Home | Main Index | Thread Index | Old Index