Re: [Keyrings] Re: [PATCH 01/04] Add multi-precision-integer maths library

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sun, Jan 29, 2006 at 01:29:01PM +0100, Adrian Bunk wrote:

You are taking the wrong approach.

The _only_ question that matters is:
Why is it technically impossible to do the same in userspace?
If it's technically possible to do the same in userspace, it must not be done in the kernel. 
It may not be impossible, but adding support for dsa key types to the 
in-kernel key management is something like 150 lines of code once the 
dsa crypto-ops are implemented. I think you get a lot of convenience 
for those 150 lines (and yes, I do believe that convenience is also a 
valid argument for adding functionality). Having to protect against all 
attack vectors is much harder in user-space than in kernel-space.

As for the addition of the dsa crypto-ops, you still haven't answered 
the question of how signed modules and/or binaries can be implemented

in userspace...


That's exactly the reason why e.g. kernel 2.6 does not contain a 
webserver.

Apples and oranges

Re,
David
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/




















[Index of Archives]
 
 
[Kernel Newbies]
 
 
[Netfilter]
 
 
[Bugtraq]
 
 
[Photo]
 
 
[Stuff]
 
 
[Gimp]
 
 
[Yosemite News]
 
 
[MIPS Linux]
 
 
[ARM Linux]
 
 
[Linux Security]
 
 
[Linux RAID]
 
 
[Video 4 Linux]
 
 
[Linux for the blind]
 
 
[Linux Resources]







 
Powered by Linux