Re: How to make module autoloading play nice with securelevel

To: Gary Thorpe <gathorpe79%yahoo.com@localhost>
Subject: Re: How to make module autoloading play nice with securelevel
From: Thor Lancelot Simon <tls%panix.com@localhost>
Date: Sun, 17 Oct 2010 08:09:24 -0400

On Sat, Oct 16, 2010 at 07:56:22PM -0700, Gary Thorpe wrote:
>
> Would it be useful to use digital signatures with kernel modules and
> have the user decide which signatures are "trusted" (including the
> options of accepting any or unsigned modules [all])? Is it infeasible,
> too hard or not very secure to do this?

No pubkey support in the software kernel crypto provider.  Given that,
it's just a SMOMP, where the "M" for "more programming" in this case means
"parsing horrible X.509 datastructures and making complex policy decisions
in-kernel".

Thor

Follow-Ups:
- Re: How to make module autoloading play nice with securelevel
  - From: Michael Richardson
- Re: How to make module autoloading play nice with securelevel
  - From: Geert Hendrickx

References:
- Re: How to make module autoloading play nice with securelevel
  - From: Gary Thorpe

Prev by Date: Re: acpivga(4) v. MI display controls
Next by Date: Re: How to make module autoloading play nice with securelevel
Previous by Thread: Re: How to make module autoloading play nice with securelevel
Next by Thread: Re: How to make module autoloading play nice with securelevel
Indexes:

Home | Main Index | Thread Index | Old Index