tech-embed archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: LKM
Pål Halvorsen wrote:
> Hi!
>
> Is there any mechanisms that verify that the code in "loadable kernel
> modules" is safe and does not perform operations compromising system
> integrity?
Yes, but none of these are available in NetBSD (or any other wide spread
OS, AFAIK). One such technique is called proof carrying code. Each piece
of code loaded into the kernel is accompanied by a (formal) proof that it
does no damage. Before loading the code the proof+code is run through
a proof checker.
-- Lennart
Home |
Main Index |
Thread Index |
Old Index