Return-Path: <linux-kernel-owner+willy=40w.ods.org-S267651AbUJOAsS@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S267651AbUJOAsS (ORCPT <rfc822;willy@w.ods.org>);
	Thu, 14 Oct 2004 20:48:18 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id S267661AbUJOAsS
	(ORCPT <rfc822;linux-kernel-outgoing>);
	Thu, 14 Oct 2004 20:48:18 -0400
Received: from clock-tower.bc.nu ([81.2.110.250]:9933 "EHLO
	localhost.localdomain") by vger.kernel.org with ESMTP
	id S267651AbUJOAsN (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Thu, 14 Oct 2004 20:48:13 -0400
Subject: Re: Fw: signed kernel modules?
From: Alan Cox <alan@lxorguk.ukuu.org.uk>
To: "Rusty Russell (IBM)" <rusty@au1.ibm.com>
Cc: David Woodhouse <dwmw2@infradead.org>, David Howells <dhowells@redhat.com>,
       rusty@ozlabs.au.ibm.com, Greg KH <greg@kroah.com>,
       Arjan van de Ven <arjanv@redhat.com>, Joy Latten <latten@us.ibm.com>,
       lkml - Kernel Mailing List <linux-kernel@vger.kernel.org>
In-Reply-To: <1097707239.14303.22.camel@localhost.localdomain>
References: <1096544201.8043.816.camel@localhost.localdomain>
	 <1096411448.3230.22.camel@localhost.localdomain>
	 <1092403984.29463.11.camel@bach> <1092369784.25194.225.camel@bach>
	 <20040812092029.GA30255@devserv.devel.redhat.com>
	 <20040811211719.GD21894@kroah.com>
	 <OF4B7132F5.8BE9D947-ON87256EEB.007192D0-86256EEB.00740B23@us.ibm.com>
	 <1092097278.20335.51.camel@bach> <20040810002741.GA7764@kroah.com>
	 <1092189167.22236.67.camel@bach> <19388.1092301990@redhat.com>
	 <30797.1092308768@redhat.com>
	 <20040812111853.GB25950@devserv.devel.redhat.com>
	 <20040812200917.GD2952@kroah.com> <26280.1092388799@redhat.com>
	 <27175.1095936746@redhat.com> <30591.1096451074@redhat.com>
	 <10345.1097507482@redhat.com>
	 <1097507755.318.332.camel@hades.cambridge.redhat.com>
	 <1097534090.16153.7.camel@localhost.localdomain>
	 <1097570159.5788.1089.camel@baythorne.infradead.org>
	 <1097626296.4013.34.camel@localhost.localdomain>
	 <1097664137.4440.5.camel@localhost.localdomain>
	 <1097707239.14303.22.camel@localhost.localdomain>
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Message-Id: <1097797477.8275.2.camel@localhost.localdomain>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.4.6 (1.4.6-2) 
Date: Fri, 15 Oct 2004 00:44:41 +0100
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 777
Lines: 18

On Mer, 2004-10-13 at 23:40, Rusty Russell (IBM) wrote:
> > Whoops bang "num 0 elements". That check set isn't safe standalone
> 
> Thanks, Alan.
> 
> I'd appreciate your opinion on the issue at hand.  Is it worth 600 lines
> of ELF verification and canonicalization code so we can strip modules
> without altering the signature?

I'm unconvinced at the moment, it seems it would be easier to write the
neccessary code to do this in userspace, and then sign the canonicalised
module so that the kernel interface is small and clean.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/