Return-Path: <linux-kernel-owner+willy=40w.ods.org-S265161AbUJNOYi@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S265161AbUJNOYi (ORCPT <rfc822;willy@w.ods.org>);
	Thu, 14 Oct 2004 10:24:38 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id S265207AbUJNOYi
	(ORCPT <rfc822;linux-kernel-outgoing>);
	Thu, 14 Oct 2004 10:24:38 -0400
Received: from scrub.xs4all.nl ([194.109.195.176]:19946 "EHLO scrub.xs4all.nl")
	by vger.kernel.org with ESMTP id S265161AbUJNOW5 (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Thu, 14 Oct 2004 10:22:57 -0400
Date: Thu, 14 Oct 2004 16:22:42 +0200 (CEST)
From: Roman Zippel <zippel@linux-m68k.org>
X-X-Sender: roman@scrub.home
To: David Woodhouse <dwmw2@infradead.org>
cc: David Howells <dhowells@redhat.com>,
       "Rusty Russell (IBM)" <rusty@au1.ibm.com>, Greg KH <greg@kroah.com>,
       Arjan van de Ven <arjanv@redhat.com>, Joy Latten <latten@us.ibm.com>,
       lkml - Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: Fw: signed kernel modules?
In-Reply-To: <1097755890.318.700.camel@hades.cambridge.redhat.com>
Message-ID: <Pine.LNX.4.61.0410141554330.877@scrub.home>
References: <Pine.LNX.4.61.0410132346080.7182@scrub.home> 
 <1097626296.4013.34.camel@localhost.localdomain>  <1096411448.3230.22.camel@localhost.localdomain>
  <1092403984.29463.11.camel@bach> <20040810002741.GA7764@kroah.com> 
 <1092189167.22236.67.camel@bach> <19388.1092301990@redhat.com> 
 <30797.1092308768@redhat.com>  <20040812111853.GB25950@devserv.devel.redhat.com>
  <20040812200917.GD2952@kroah.com> <26280.1092388799@redhat.com> 
 <27175.1095936746@redhat.com> <30591.1096451074@redhat.com> 
 <10345.1097507482@redhat.com>  <1097507755.318.332.camel@hades.cambridge.redhat.com>
  <1097534090.16153.7.camel@localhost.localdomain> 
 <1097570159.5788.1089.camel@baythorne.infradead.org>  <27277.1097702318@redhat.com>
 <16349.1097752349@redhat.com>  <Pine.LNX.4.61.0410141357380.877@scrub.home>
 <1097755890.318.700.camel@hades.cambridge.redhat.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1216
Lines: 29

Hi,

On Thu, 14 Oct 2004, David Woodhouse wrote:

> How are they related? If you don't trust the _build_ system on which the
> kernel and modules were compiled and signed, the whole game is lost
> anyway.

Well, how do you want to win the whole game? Modules are just one part of 
it, what about the rest? If I'd be that much concerned about modules, I 
would disable module loading completely.

> Insmod is running on the live system, and has nothing to do with the
> build system.

Only a minority of people do cross compile kernels, most people compile 
kernel and modules on the same machine, so that there enough points left 
to attack the system. Even if the kernel is compiled on a different 
machine, how can you trust the kernel you're going to boot next time?
I'm missing how this does fit into the big picture, throwing lots of 
code onto modules doesn't make it more safe. In the meantime there are 
simpler measures to get the system more secure.

bye, Roman
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/