Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S268077AbUJNXEz (ORCPT ); Thu, 14 Oct 2004 19:04:55 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S268069AbUJNWZk (ORCPT ); Thu, 14 Oct 2004 18:25:40 -0400 Received: from scrub.xs4all.nl ([194.109.195.176]:24044 "EHLO scrub.xs4all.nl") by vger.kernel.org with ESMTP id S267374AbUJNWP1 (ORCPT ); Thu, 14 Oct 2004 18:15:27 -0400 Date: Fri, 15 Oct 2004 00:15:00 +0200 (CEST) From: Roman Zippel X-X-Sender: roman@scrub.home To: David Woodhouse cc: David Howells , "Rusty Russell (IBM)" , Greg KH , Arjan van de Ven , Joy Latten , lkml - Kernel Mailing List Subject: Re: Fw: signed kernel modules? In-Reply-To: <1097790753.5788.2031.camel@baythorne.infradead.org> Message-ID: References: <1097626296.4013.34.camel@localhost.localdomain> <1096411448.3230.22.camel@localhost.localdomain> <1092403984.29463.11.camel@bach> <26280.1092388799@redhat.com> <27175.1095936746@redhat.com> <30591.1096451074@redhat.com> <10345.1097507482@redhat.com> <1097507755.318.332.camel@hades.cambridge.redhat.com> <1097534090.16153.7.camel@localhost.localdomain> <1097570159.5788.1089.camel@baythorne.infradead.org> <27277.1097702318@redhat.com> <16349.1097752349@redhat.com> <1097755890.318.700.camel@hades.cambridge.redhat.com> <1097764251.318.724.camel@hades.cambridge.redhat.com> <1097789060.5788.2001.camel@baythorne.infradead.org> <1097790753.5788.2031.camel@baythorne.infradead.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 853 Lines: 21 Hi, On Thu, 14 Oct 2004, David Woodhouse wrote: > Partly to protect against accidentally-corrupted modules causing damage. > Partly to allow a sysadmin (or more likely an IT department) to enforce > a policy that only known and approved modules shall be loaded onto > machines which they're expected to support. Partly to allow other > support providers to do likewise, or at least to _detect_ the fact that > unsupported modules are loaded. This really doesn't answer why it has to be done in the kernel. As is it doesn't protect against anything and doing it in user space is as effective. bye, Roman - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/