Re: How to make module autoloading play nice with securelevel

To: Thor Lancelot Simon <tls%panix.com@localhost>
Subject: Re: How to make module autoloading play nice with securelevel
From: Geert Hendrickx <ghen%telenet.be@localhost>
Date: Sun, 17 Oct 2010 14:29:02 +0200

On Sun, Oct 17, 2010 at 08:09:24AM -0400, Thor Lancelot Simon wrote:
> On Sat, Oct 16, 2010 at 07:56:22PM -0700, Gary Thorpe wrote:
> >
> > Would it be useful to use digital signatures with kernel modules and
> > have the user decide which signatures are "trusted" (including the
> > options of accepting any or unsigned modules [all])? Is it infeasible,
> > too hard or not very secure to do this?
> 
> No pubkey support in the software kernel crypto provider.  Given that,
> it's just a SMOMP, where the "M" for "more programming" in this case means
> "parsing horrible X.509 datastructures and making complex policy decisions
> in-kernel".


Is that all necessary?  Is it not sufficient to just have an immutable
file with one-way hashes for all modules?  Then you have only one file
to protect, and it can be loaded into the kernel at boot-time, so no
mounting-over etc to consider.  And the modules can be stored anywhere.


        Geert


-- 
Geert Hendrickx  -=-  ghen%telenet.be@localhost  -=-  PGP: 0xC4BB9E9F
This e-mail was composed using 100% recycled spam messages!

References:
- Re: How to make module autoloading play nice with securelevel
  - From: Gary Thorpe
- Re: How to make module autoloading play nice with securelevel
  - From: Thor Lancelot Simon

Prev by Date: Re: How to make module autoloading play nice with securelevel
Next by Date: Re: kernel module loading vs securelevel
Previous by Thread: Re: How to make module autoloading play nice with securelevel
Next by Thread: Re: How to make module autoloading play nice with securelevel
Indexes:

Home | Main Index | Thread Index | Old Index