Date: Thu, 14 Oct 2004 16:22:42 +0200 (CEST)
From: Roman Zippel
To: David Woodhouse
cc: David Howells, "Rusty Russell (IBM)", Greg KH, Arjan van de Ven, Joy Latten, lkml - Kernel Mailing List
Subject: Re: Fw: signed kernel modules?
In-Reply-To: <1097755890.318.700.camel@hades.cambridge.redhat.com>
References: <1097626296.4013.34.camel@localhost.localdomain> <1096411448.3230.22.camel@localhost.localdomain> <1092403984.29463.11.camel@bach> <20040810002741.GA7764@kroah.com> <1092189167.22236.67.camel@bach> <19388.1092301990@redhat.com> <30797.1092308768@redhat.com> <20040812111853.GB25950@devserv.devel.redhat.com> <20040812200917.GD2952@kroah.com> <26280.1092388799@redhat.com> <27175.1095936746@redhat.com> <30591.1096451074@redhat.com> <10345.1097507482@redhat.com> <1097507755.318.332.camel@hades.cambridge.redhat.com> <1097534090.16153.7.camel@localhost.localdomain> <1097570159.5788.1089.camel@baythorne.infradead.org> <27277.1097702318@redhat.com> <16349.1097752349@redhat.com> <1097755890.318.700.camel@hades.cambridge.redhat.com>
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

Hi,

On Thu, 14 Oct 2004, David Woodhouse wrote:

> How are they related? If you don't trust the _build_ system on which the
> kernel and modules were compiled and signed, the whole game is lost
> anyway.

Well, how do you want to win the whole game?
Modules are just one part of it; what about the rest? If I were that much concerned about modules, I would disable module loading completely.

> Insmod is running on the live system, and has nothing to do with the
> build system.

Only a minority of people cross-compile kernels; most people compile the kernel and modules on the same machine, so there are enough points left to attack the system. Even if the kernel is compiled on a different machine, how can you trust the kernel you're going to boot next time?

I'm missing how this fits into the big picture; throwing lots of code onto modules doesn't make it safer. In the meantime there are simpler measures to get the system more secure.

bye, Roman