On Tue, Aug 15, 2006 at 12:36:45PM -0400, tomhorsley@xxxxxxxxxxxx wrote: > > > If I can load them, what is the point in module signing (which I imagine has > > > something to do with security)? > > > > > http://lwn.net/Articles/92617/ explains this. There is no plans to > > enforce any restrictions on third party kernel modules being loaded. > > As near as I can tell, it just means there is no point in module signing :-). If I see a kernel oops with a module in the list marked with (U) I know at a glance that it isn't the module as shipped with the kernel RPM. This has saved head-scratching a number of times. We could add a write-once sysctl or boot-option to enforce 'only load signed modules' however, but it would be useless for users of 3rd party modules. Dave -- http://www.codemonkey.org.uk
