Subject: Re: LKM
To: Hubert Feyrer <hubert.feyrer@informatik.fh-regensburg.de>
From: Steven M. Bellovin <smb@research.att.com>
List: tech-security
Date: 09/14/2001 14:08:21
In message <Pine.GSO.4.21.0109142002260.5195-100000@rfhpc8320>, Hubert Feyrer writes:
>
>[trimmed list of lists this goes to]
>
>On Fri, 14 Sep 2001, Lennart Augustsson wrote:
>> > Is there any mechanisms that verify that the code in "loadable kernel
>> > modules" is safe and does not perform operations compromising system
>> > integrity?
>>
>> Yes, but none of these are available in NetBSD (or any other widespread
>> OS, AFAIK). One such technique is called proof carrying code. Each piece
>> of code loaded into the kernel is accompanied by a (formal) proof that it
>> does no damage. Before loading the code the proof+code is run through
>> a proof checker.
>
>Isn't that similar to the "driver signing" WinXP does?
>
No. Driver-signing says (at most) who wrote the driver; it says
nothing about what it does or doesn't do.
--Steve Bellovin, http://www.research.att.com/~smb
http://www.wilyhacker.com