Re: module signing?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Aug 15, 2006 at 12:36:45PM -0400, tomhorsley@xxxxxxxxxxxx wrote:
 > > > If I can load them, what is the point in module signing (which I imagine has
 > > > something to do with security)?
 > > > 
 > > http://lwn.net/Articles/92617/ explains this.  There is no plans to 
 > > enforce any restrictions on third party kernel modules being loaded. 
 > 
 > As near as I can tell, it just means there is no point in module signing :-).

If I see a kernel oops with a module in the list marked with (U) I know
at a glance that it isn't the module as shipped with the kernel RPM.

This has saved head-scratching a number of times.

We could add a write-once sysctl or boot-option to enforce 'only load
signed modules' however, but it would be useless for users of 3rd
party modules.

		Dave

-- 
http://www.codemonkey.org.uk


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux