tech-security archive


Re: How to make module autoloading play nice with securelevel



>>>>> "Thor" == Thor Lancelot Simon <tls%panix.com@localhost> writes:
    >> Would it be useful to use digital signatures with kernel modules
    >> and have the user decide which signatures are "trusted"
    >> (including the options of accepting any or unsigned modules
    >> [all])? Is it infeasible, too hard or not very secure to do this?

    Thor> No pubkey support in the software kernel crypto provider.
    Thor> Given that, it's just a SMOMP, where the "M" for "more
    Thor> programming" in this case means "parsing horrible X.509
    Thor> datastructures and making complex policy decisions in-kernel".

Not only does the file-of-hashes get rid of this, but even if you wanted
asymmetric signatures, you really don't need to parse all of the X.509
stuff in the kernel.  You just need the (raw) public keys which are to be
trusted, no chains, etc.  Signature contents themselves look like they
require ASN.1 parsing, but they are designed (due to DER) such that they
really can't change, and many verifiers do not parse ASN.1 there either.


-- 
]       He who is tired of Weird Al is tired of life!           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr%sandelman.ottawa.on.ca@localhost http://www.sandelman.ottawa.on.ca/ |device driver[
   Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
                       then sign the petition. 
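
The two verification policies discussed in this thread, as an added worked example that is not part of the original post and is not NetBSD's module-loading code: a file-of-hashes check, and an RSA PKCS#1 v1.5 signature check that trusts nothing but a raw (N, E) pair and treats the DER DigestInfo header as a fixed 19-byte constant instead of running an ASN.1 parser. Go is used here because its standard library carries the needed primitives; an in-kernel implementation would be C. The `ModuleHashes` map and `RawKey` struct are hypothetical illustration formats, and the module image is constructed sample data. `Demo` also cross-checks the hand-written verifier against a signature produced by `crypto/rsa`, so the fixed-prefix comparison is shown to agree with a standard signer.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"math/big"
)

// ModuleHashes models the "file-of-hashes": one trusted SHA-256 per module
// name. Hypothetical format for illustration only, not NetBSD's.
type ModuleHashes map[string][sha256.Size]byte

// CheckModuleHash allows a module image only if its digest matches the
// entry recorded under that name; unknown names are refused.
func CheckModuleHash(trusted ModuleHashes, name string, image []byte) error {
	want, ok := trusted[name]
	if !ok {
		return fmt.Errorf("%s: no trusted hash recorded", name)
	}
	got := sha256.Sum256(image)
	if subtle.ConstantTimeCompare(got[:], want[:]) != 1 {
		return fmt.Errorf("%s: hash mismatch", name)
	}
	return nil
}

// RawKey is all the verifier trusts: a modulus and public exponent. No
// certificate, no chain, no X.509 parsing.
type RawKey struct {
	N *big.Int
	E int
}

// sha256DigestInfoPrefix is the DER DigestInfo header for SHA-256 (RFC 8017,
// section 9.2, note 1). DER is canonical, so these bytes never vary and can
// be compared as a constant rather than parsed.
var sha256DigestInfoPrefix = []byte{
	0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
	0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20,
}

// VerifyPKCS1v15SHA256 recovers EM = sig^E mod N and compares it against the
// expected encoding 00 01 FF..FF 00 || DigestInfoPrefix || SHA-256(module).
// Building the expected block and comparing it whole avoids any ASN.1
// parsing and the flexibility bugs that come with it.
func VerifyPKCS1v15SHA256(key RawKey, module, sig []byte) error {
	k := (key.N.BitLen() + 7) / 8
	if len(sig) != k {
		return errors.New("signature length does not match modulus length")
	}
	s := new(big.Int).SetBytes(sig)
	if s.Cmp(key.N) >= 0 {
		return errors.New("signature representative out of range")
	}
	em := new(big.Int).Exp(s, big.NewInt(int64(key.E)), key.N).FillBytes(make([]byte, k))

	h := sha256.Sum256(module)
	tLen := len(sha256DigestInfoPrefix) + len(h)
	if k < tLen+11 { // at least 8 bytes of padding required
		return errors.New("modulus too short for PKCS#1 v1.5 encoding")
	}
	expected := append([]byte{0x00, 0x01}, bytes.Repeat([]byte{0xff}, k-tLen-3)...)
	expected = append(expected, 0x00)
	expected = append(expected, sha256DigestInfoPrefix...)
	expected = append(expected, h[:]...)
	if subtle.ConstantTimeCompare(em, expected) != 1 {
		return errors.New("signature does not verify under trusted key")
	}
	return nil
}

// Demo signs a constructed module image with a fresh key, then checks that
// the raw-key verifier accepts it, rejects a tampered image, and rejects the
// same signature under a key that is not the trusted one.
func Demo() error {
	module := []byte("constructed sample module image, not a real kernel module")
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return err
	}
	digest := sha256.Sum256(module)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return err
	}
	trusted := RawKey{N: priv.N, E: priv.E}
	if err := VerifyPKCS1v15SHA256(trusted, module, sig); err != nil {
		return fmt.Errorf("valid signature rejected: %w", err)
	}
	tampered := append([]byte{}, module...)
	tampered[0] ^= 1
	if VerifyPKCS1v15SHA256(trusted, tampered, sig) == nil {
		return errors.New("tampered module accepted")
	}
	other, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return err
	}
	if VerifyPKCS1v15SHA256(RawKey{N: other.N, E: other.E}, module, sig) == nil {
		return errors.New("signature accepted under untrusted key")
	}
	return nil
}

func main() {
	if err := Demo(); err != nil {
		fmt.Println("FAIL:", err)
		return
	}
	fmt.Println("raw-key PKCS#1 v1.5 verification behaved as expected")
}
```

The trust decision reduces to two questions the kernel can answer with fixed-size comparisons: is this (N, E) in the trusted set, and does the recovered block equal the one expected byte for byte. Policy about which keys to trust stays in a userland-managed list, which is the "making complex policy decisions in-kernel" part the thread wanted to avoid.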

