Return-Path: <linux-kernel-owner+willy=40w.ods.org-S268077AbUJNXEz@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S268077AbUJNXEz (ORCPT <rfc822;willy@w.ods.org>);
	Thu, 14 Oct 2004 19:04:55 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id S268069AbUJNWZk
	(ORCPT <rfc822;linux-kernel-outgoing>);
	Thu, 14 Oct 2004 18:25:40 -0400
Received: from scrub.xs4all.nl ([194.109.195.176]:24044 "EHLO scrub.xs4all.nl")
	by vger.kernel.org with ESMTP id S267374AbUJNWP1 (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Thu, 14 Oct 2004 18:15:27 -0400
Date: Fri, 15 Oct 2004 00:15:00 +0200 (CEST)
From: Roman Zippel <zippel@linux-m68k.org>
X-X-Sender: roman@scrub.home
To: David Woodhouse <dwmw2@infradead.org>
cc: David Howells <dhowells@redhat.com>,
       "Rusty Russell (IBM)" <rusty@au1.ibm.com>, Greg KH <greg@kroah.com>,
       Arjan van de Ven <arjanv@redhat.com>, Joy Latten <latten@us.ibm.com>,
       lkml - Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: Fw: signed kernel modules?
In-Reply-To: <1097790753.5788.2031.camel@baythorne.infradead.org>
Message-ID: <Pine.LNX.4.61.0410150002540.877@scrub.home>
References: <Pine.LNX.4.61.0410132346080.7182@scrub.home> 
 <1097626296.4013.34.camel@localhost.localdomain>  <1096411448.3230.22.camel@localhost.localdomain>
  <1092403984.29463.11.camel@bach> <26280.1092388799@redhat.com> 
 <27175.1095936746@redhat.com> <30591.1096451074@redhat.com> 
 <10345.1097507482@redhat.com>  <1097507755.318.332.camel@hades.cambridge.redhat.com>
  <1097534090.16153.7.camel@localhost.localdomain> 
 <1097570159.5788.1089.camel@baythorne.infradead.org>  <27277.1097702318@redhat.com>
 <16349.1097752349@redhat.com>  <Pine.LNX.4.61.0410141357380.877@scrub.home>
  <1097755890.318.700.camel@hades.cambridge.redhat.com> 
 <Pine.LNX.4.61.0410141554330.877@scrub.home>  <1097764251.318.724.camel@hades.cambridge.redhat.com>
  <Pine.LNX.4.61.0410142256360.877@scrub.home>  <1097789060.5788.2001.camel@baythorne.infradead.org>
  <Pine.LNX.4.61.0410142331020.877@scrub.home> <1097790753.5788.2031.camel@baythorne.infradead.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 853
Lines: 21

Hi,

On Thu, 14 Oct 2004, David Woodhouse wrote:

> Partly to protect against accidentally-corrupted modules causing damage.
> Partly to allow a sysadmin (or more likely an IT department) to enforce
> a policy that only known and approved modules shall be loaded onto
> machines which they're expected to support. Partly to allow other
> support providers to do likewise, or at least to _detect_ the fact that
> unsupported modules are loaded.

This really doesn't answer why it has to be done in the kernel. As is it 
doesn't protect against anything and doing it in user space is as 
effective.

bye, Roman
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/