tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: kernel module loading vs securelevel

On Mon, 18 Oct 2010 09:31:32 -0400
Steven Bellovin <> wrote:

> Signatures provide *authentication*; what is needed here is *authorization*.

While I agree, there also are situations were both can be welcome...

Another solution someone proposed which I like is hashing the modules
to then at load time rehash and match a module against the hash set,
which would be a simpler, shorter-term solution.  I think that
embedding the hashes set in the kernel image would be safer than using
a file, however.  Unfortunately, this makes developing, installing or
upgrading a module less friendly as the kernel image has to be
refreshed and the system rebooted.

Home | Main Index | Thread Index | Old Index