Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S270021AbUJNKSM (ORCPT ); Thu, 14 Oct 2004 06:18:12 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S270023AbUJNKSM (ORCPT ); Thu, 14 Oct 2004 06:18:12 -0400 Received: from mx1.redhat.com ([66.187.233.31]:36005 "EHLO mx1.redhat.com") by vger.kernel.org with ESMTP id S270021AbUJNKSJ (ORCPT ); Thu, 14 Oct 2004 06:18:09 -0400 From: David Howells In-Reply-To: <1097707239.14303.22.camel@localhost.localdomain> References: <1097707239.14303.22.camel@localhost.localdomain> <1096544201.8043.816.camel@localhost.localdomain> <1096411448.3230.22.camel@localhost.localdomain> <1092403984.29463.11.camel@bach> <1092369784.25194.225.camel@bach> <20040812092029.GA30255@devserv.devel.redhat.com> <20040811211719.GD21894@kroah.com> <1092097278.20335.51.camel@bach> <20040810002741.GA7764@kroah.com> <1092189167.22236.67.camel@bach> <19388.1092301990@redhat.com> <30797.1092308768@redhat.com> <20040812111853.GB25950@devserv.devel.redhat.com> <20040812200917.GD2952@kroah.com> <26280.1092388799@redhat.com> <27175.1095936746@redhat.com> <30591.1096451074@redhat.com> <10345.1097507482@redhat.com> <1097507755.318.332.camel@hades.cambridge.redhat.com> <1097534090.16153.7.camel@localhost.localdomain> <1097570159.5788.1089.camel@baythorne.infradead.org> <1097626296.4013.34.camel@localhost.localdomain> <1097664137.4440.5.camel@localhost.! localdomain> To: "Rusty Russell (IBM)" Cc: Alan Cox , David Woodhouse , rusty@ozlabs.au.ibm.com, Greg KH , Arjan van de Ven , Joy Latten , lkml - Kernel Mailing List Subject: Re: Fw: signed kernel modules? User-Agent: EMH/1.14.1 SEMI/1.14.5 (Awara-Onsen) FLIM/1.14.5 (Demachiyanagi) APEL/10.6 Emacs/21.3 (i386-redhat-linux-gnu) MULE/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.5 - "Awara-Onsen") Content-Type: text/plain; charset=US-ASCII Date: Thu, 14 Oct 2004 11:17:46 +0100 Message-ID: <14000.1097749066@redhat.com> Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 897 Lines: 20 > I'd appreciate your opinion on the issue at hand. Is it worth 600 lines > of ELF verification and canonicalization code so we can strip modules > without altering the signature? You have to some of the ELF verification anyway, otherwise your suggested way is just as pointless. You had included somde code in your example, but what that did wasn't sufficient either - it can trivially be broken. I think we should verify the ELF anyway upon module load; it doesn't take very long, and the data cache works in our favour. This then means we can drop some checks later on in the module loading because we can trust the ELF to a known extent. David - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/