Return-Path: <linux-kernel-owner+willy=40w.ods.org-S263769AbUJNMPu@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S263769AbUJNMPu (ORCPT <rfc822;willy@w.ods.org>);
	Thu, 14 Oct 2004 08:15:50 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id S263778AbUJNMPt
	(ORCPT <rfc822;linux-kernel-outgoing>);
	Thu, 14 Oct 2004 08:15:49 -0400
Received: from mx1.redhat.com ([66.187.233.31]:40414 "EHLO mx1.redhat.com")
	by vger.kernel.org with ESMTP id S263769AbUJNMPs (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Thu, 14 Oct 2004 08:15:48 -0400
From: David Howells <dhowells@redhat.com>
In-Reply-To: <Pine.LNX.4.61.0410141357380.877@scrub.home> 
References: <Pine.LNX.4.61.0410141357380.877@scrub.home>  <Pine.LNX.4.61.0410132346080.7182@scrub.home> <1097626296.4013.34.camel@localhost.localdomain> <1096411448.3230.22.camel@localhost.localdomain> <1092403984.29463.11.camel@bach> <1092369784.25194.225.camel@bach> <20040812092029.GA30255@devserv.devel.redhat.com> <20040811211719.GD21894@kroah.com> <OF4B7132F5.8BE9D947-ON87256EEB.007192D0-86256EEB.00740B23@us.ibm.com> <1092097278.20335.51.camel@bach> <20040810002741.GA7764@kroah.com> <1092189167.22236.67.camel@bach> <19388.1092301990@redhat.com> <30797.1092308768@redhat.com> <20040812111853.GB25950@devserv.devel.redhat.com> <20040812200917.GD2952@kroah.com> <26280.1092388799@redhat.com> <27175.1095936746@redhat.com> <30591.1096451074@redhat.com> <10345.1097507482@redhat.com> <1097507755.318.332.camel@hades.cambridge.redhat.com> <1097534090.16153.7.camel@localhost.localdomain> <1097570159.5788.1089.camel@baythorne.infradead.org> <27277.1097702318@redhat.com> <16349.1097752!
 349@redhat.com> 
To: Roman Zippel <zippel@linux-m68k.org>
Cc: "Rusty Russell (IBM)" <rusty@au1.ibm.com>,
       David Woodhouse <dwmw2@infradead.org>, Greg KH <greg@kroah.com>,
       Arjan van de Ven <arjanv@redhat.com>, Joy Latten <latten@us.ibm.com>,
       lkml - Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: Fw: signed kernel modules? 
User-Agent: EMH/1.14.1 SEMI/1.14.5 (Awara-Onsen) FLIM/1.14.5 (Demachiyanagi) APEL/10.6 Emacs/21.3 (i386-redhat-linux-gnu) MULE/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.5 - "Awara-Onsen")
Content-Type: text/plain; charset=US-ASCII
Date: Thu, 14 Oct 2004 13:14:16 +0100
Message-ID: <17271.1097756056@redhat.com>
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 748
Lines: 19


> I'm trying to understand the reason to stuff this into kernel. Why can't 
> this check be done before loading the module into the kernel? If you don't 
> trust insmod, how can you trust the build system?

 (1) insmod isn't the only way to load a module.

 (2) This helps limit what an intruder can do; particularly if you combine it
     with other measures.

 (3) Who says the kernel RPM is built on the same machine as the one you
     really want to deploy this on for the added protection?

David
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/