If I can load them, what is the point in module signing (which I imagine has something to do with security)?
http://lwn.net/Articles/92617/ explains this. There is no plans to enforce any restrictions on third party kernel modules being loaded.
As near as I can tell, it just means there is no point in module signing :-).
tomhorsley@adelphia.net wrote:
If I can load them, what is the point in module signing (which I imagine has something to do with security)?
http://lwn.net/Articles/92617/ explains this. There is no plans to enforce any restrictions on third party kernel modules being loaded.
As near as I can tell, it just means there is no point in module signing :-).
Then perhaps you might want to read the article better. Copying the current developer, David Howells if you need more information.
Rahul
On Tue, Aug 15, 2006 at 12:36:45PM -0400, tomhorsley@adelphia.net wrote:
If I can load them, what is the point in module signing (which I imagine has something to do with security)?
http://lwn.net/Articles/92617/ explains this. There is no plans to enforce any restrictions on third party kernel modules being loaded.
As near as I can tell, it just means there is no point in module signing :-).
If I see a kernel oops with a module in the list marked with (U) I know at a glance that it isn't the module as shipped with the kernel RPM.
This has saved head-scratching a number of times.
We could add a write-once sysctl or boot-option to enforce 'only load signed modules' however, but it would be useless for users of 3rd party modules.
Dave
-
Dave Jones -
Rahul Sundaram -
Tom Horsley