Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S267770AbUJOBAm (ORCPT ); Thu, 14 Oct 2004 21:00:42 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S267661AbUJOBAm (ORCPT ); Thu, 14 Oct 2004 21:00:42 -0400 Received: from ausmtp02.au.ibm.com ([202.81.18.187]:10393 "EHLO ausmtp02.au.ibm.com") by vger.kernel.org with ESMTP id S267770AbUJOBAj (ORCPT ); Thu, 14 Oct 2004 21:00:39 -0400 Subject: Re: Fw: signed kernel modules? From: "Rusty Russell (IBM)" To: Alan Cox Cc: David Woodhouse , David Howells , rusty@ozlabs.au.ibm.com, Greg KH , Arjan van de Ven , Joy Latten , lkml - Kernel Mailing List In-Reply-To: <1097797477.8275.2.camel@localhost.localdomain> References: <1096544201.8043.816.camel@localhost.localdomain> <1096411448.3230.22.camel@localhost.localdomain> <1092403984.29463.11.camel@bach> <1092369784.25194.225.camel@bach> <20040812092029.GA30255@devserv.devel.redhat.com> <20040811211719.GD21894@kroah.com> <1092097278.20335.51.camel@bach> <20040810002741.GA7764@kroah.com> <1092189167.22236.67.camel@bach> <19388.1092301990@redhat.com> <30797.1092308768@redhat.com> <20040812111853.GB25950@devserv.devel.redhat.com> <20040812200917.GD2952@kroah.com> <26280.1092388799@redhat.com> <27175.1095936746@redhat.com> <30591.1096451074@redhat.com> <10345.1097507482@redhat.com> <1097507755.318.332.camel@hades.cambridge.redhat.com> <1097534090.16153.7.camel@localhost.localdomain> <1097570159.5788.1089.camel@baythorne.infradead.org> <1097626296.4013.34.camel@localhost.localdomain> <1097664137.4440.5.camel@localhost.localdomain> <1097707239.14303.22.camel@localhost.localdomain> <1097797477.8275.2.camel@localhost.localdomain> Content-Type: text/plain Organization: IBM Message-Id: <1097802027.22673.34.camel@localhost.localdomain> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.4.6 Date: Fri, 15 Oct 2004 11:00:27 +1000 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1354 Lines: 32 On Fri, 2004-10-15 at 09:44, Alan Cox wrote: > On Mer, 2004-10-13 at 23:40, Rusty Russell (IBM) wrote: > > > Whoops bang "num 0 elements". That check set isn't safe standalone > > > > Thanks, Alan. > > > > I'd appreciate your opinion on the issue at hand. Is it worth 600 lines > > of ELF verification and canonicalization code so we can strip modules > > without altering the signature? > > I'm unconvinced at the moment, it seems it would be easier to write the > neccessary code to do this in userspace, and then sign the canonicalised > module so that the kernel interface is small and clean. Well, my original implementation carefully found the signature section, copied it out and zeroed it, then checked the whole module. The two objections David Howells had was (1) stripping the module after build breaks this, and (2) his scheme uses straight GPG signatures and they are of variable length: some wrapper would be needed to handle trailing zeroes in the signature. The advantage was the simplicity of the scheme: very short path the module verification, and no canonicalization step. Rusty. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/