Re: kernel module loading vs securelevel

To: Thor Lancelot Simon <tls%panix.com@localhost>
Subject: Re: kernel module loading vs securelevel
From: Jean-Yves Migeon <jeanyves.migeon%free.fr@localhost>
Date: Mon, 18 Oct 2010 14:51:03 +0200

On Sun, 17 Oct 2010 20:11:06 -0400, Thor Lancelot Simon 
<tls%panix.com@localhost>
wrote:
> On Sun, Oct 17, 2010 at 04:04:59PM -0400, Matthew Mondor wrote:
>> On Sat, 16 Oct 2010 13:58:19 -0400
>> Thor Lancelot Simon <tls%panix.com@localhost> wrote:
>> 
>> >    2) Finish the asymmetric operation support in cryptodev and
>> >       actually require modules to be signed.  This is basically a
>> >       superset of #1 above that could get about as complicated as
>> >       one wanted it to (ugh) but might be worthwhile if kept simple.
>> 
>> You seem to now agree with me that this could be a solution.  It
>> indeed requires more work, but it also has advantages: not having to
> 
> Let me know when you've got the code ready for review.

*lurker mode off*
IIRC, part of agc work with netpgp is to integrate signature verification
within kernel.
*lurker mode on*

-- 
Jean-Yves Migeon
jeanyves.migeon%free.fr@localhost

Follow-Ups:
- Re: kernel module loading vs securelevel
  - From: Matthew Mondor
- Re: kernel module loading vs securelevel
  - From: Steven Bellovin

References:
- Re: kernel module loading vs securelevel
  - From: David Holland
- Re: kernel module loading vs securelevel
  - From: Izumi Tsutsui
- Re: kernel module loading vs securelevel
  - From: Masao Uebayashi
- Re: kernel module loading vs securelevel
  - From: Thor Lancelot Simon
- Re: kernel module loading vs securelevel
  - From: Matthew Mondor
- Re: kernel module loading vs securelevel
  - From: Thor Lancelot Simon

Prev by Date: Re: kernel module loading vs securelevel
Next by Date: Re: How to make module autoloading play nice with securelevel
Previous by Thread: Re: kernel module loading vs securelevel
Next by Thread: Re: kernel module loading vs securelevel
Indexes:

Home | Main Index | Thread Index | Old Index