Re: [PATCH 0/6] MODSIGN: Kernel module signing

On Wed, 14 Feb 2007 22:14:53 PST, Andreas Gruenbacher said:
> I agree, that's really what should happen. We solve this by marking modules as
> supported, partner supported, or unsupported, but in an "insecure" way, so
> partners and users could try to fake the support status of a module and/or
> remove status flags from Oopses, and cryptography wouldn't save us.

Where cryptography *can* save you is that a partner or user can't fake a
'Suse Supported' signature without access to the Suse private key.

Attachment: pgpejV5RmyF4J.pgp
Description: PGP signature

Follow-Ups:
- Re: [PATCH 0/6] MODSIGN: Kernel module signing
  - From: Andreas Gruenbacher <[email protected]>

References:
- [PATCH 0/6] MODSIGN: Kernel module signing
  - From: David Howells <[email protected]>
- Re: [PATCH 0/6] MODSIGN: Kernel module signing
  - From: Andreas Gruenbacher <[email protected]>
- Re: [PATCH 0/6] MODSIGN: Kernel module signing
  - From: Dave Jones <[email protected]>
- Re: [PATCH 0/6] MODSIGN: Kernel module signing
  - From: Andreas Gruenbacher <[email protected]>

Prev by Date: Re: [PATCH] serial driver PMC MSP71xx, kernel linux-mips.git master
Next by Date: Re: [PATCH 2/7] containers (V7): Cpusets hooked into containers
Previous by thread: Re: [PATCH 0/6] MODSIGN: Kernel module signing
Next by thread: Re: [PATCH 0/6] MODSIGN: Kernel module signing
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]