Subject: Re: Fw: signed kernel modules?
From: Alan Cox
To: "Rusty Russell (IBM)"
Cc: David Woodhouse, David Howells, rusty@ozlabs.au.ibm.com, Greg KH, Arjan van de Ven, Joy Latten, lkml - Kernel Mailing List
Date: Fri, 15 Oct 2004 00:44:41 +0100

On Mer, 2004-10-13 at 23:40, Rusty Russell (IBM) wrote:
> > Whoops bang "num 0 elements". That check set isn't safe standalone
>
> Thanks, Alan.
>
> I'd appreciate your opinion on the issue at hand. Is it worth 600 lines
> of ELF verification and canonicalization code so we can strip modules
> without altering the signature?

I'm unconvinced at the moment, it seems it would be easier to write the
necessary code to do this in userspace, and then sign the canonicalised
module so that the kernel interface is small and clean.