From: Dave Jones <davej@redhat.com>
To: Andreas Gruenbacher <agruen@suse.de>
Cc: Andrew Morton <akpm@linux-foundation.org>,
David Howells <dhowells@redhat.com>,
torvalds@linux-foundation.org, herbert.xu@redhat.com,
linux-kernel@vger.kernel.org, arjan@infradead.org,
linux-crypto@vger.kernel.org
Subject: Re: [PATCH 0/6] MODSIGN: Kernel module signing
Date: Thu, 15 Feb 2007 01:22:18 -0500 [thread overview]
Message-ID: <20070215062218.GA917@redhat.com> (raw)
In-Reply-To: <200702142214.53625.agruen@suse.de>
On Wed, Feb 14, 2007 at 10:14:53PM -0800, Andreas Gruenbacher wrote:
> On Wednesday 14 February 2007 21:45, Dave Jones wrote:
> > well, the situation for external modules is no worse than usual.
> > They still work, they just aren't signed. Which from a distributor point
> > of view, is actually a nice thing, as they stick out like a sore thumb
> > in oops reports with (U) markers :)
>
> I agree, that's really what should happen. We solve this by marking modules as
> supported, partner supported, or unsupported, but in an "insecure" way, so
> partners and users could try to fake the support status of a module and/or
> remove status flags from Oopses, and cryptography wouldn't save us. We could
> try to sign Oopses which I guess you guys are doing. This whole issue hasn't
> been a serious problem in the past though, and we generally try to trust
> users not to play games on us.
For the most part it works out. I've had users file oopses where they've editted
out Tainted: P, and left in nvidia(U) for example :-)
Dave
--
http://www.codemonkey.org.uk
next prev parent reply other threads:[~2007-02-15 6:22 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-02-14 19:09 [PATCH 0/6] MODSIGN: Kernel module signing David Howells
2007-02-14 19:09 ` [PATCH 2/6] MODSIGN: In-kernel crypto extensions David Howells
2007-02-14 19:09 ` [PATCH 3/6] MODSIGN: Add indications of module ELF types David Howells
2007-02-14 19:09 ` [PATCH 4/6] MODSIGN: Module ELF verifier David Howells
2007-02-14 19:10 ` [PATCH 5/6] MODSIGN: Module signature checker and key manager David Howells
2007-02-14 19:10 ` [PATCH 6/6] MODSIGN: Apply signature checking to modules on module load David Howells
2007-02-14 19:26 ` [PATCH 0/6] MODSIGN: Kernel module signing Linus Torvalds
2007-02-14 19:40 ` David Howells
2007-02-14 21:32 ` Michael Halcrow
2007-02-14 21:59 ` David Howells
2007-02-14 22:21 ` Michael Halcrow
2007-02-15 21:31 ` Indan Zupancic
2007-02-15 3:41 ` Andrew Morton
2007-02-15 4:13 ` Dave Jones
2007-02-15 5:35 ` Andreas Gruenbacher
2007-02-15 5:45 ` Dave Jones
2007-02-15 6:14 ` Andreas Gruenbacher
2007-02-15 6:22 ` Dave Jones [this message]
2007-02-15 20:34 ` Valdis.Kletnieks
2007-02-15 22:12 ` Andreas Gruenbacher
2007-02-16 0:15 ` Olaf Kirch
2007-02-15 22:10 ` Pavel Machek
2007-02-15 20:55 ` Valdis.Kletnieks
2007-02-15 21:32 ` Adrian Bunk
2007-02-15 22:12 ` Valdis.Kletnieks
2007-02-15 14:35 ` Roman Zippel
2007-02-15 17:32 ` David Howells
2007-02-15 18:33 ` Roman Zippel
2007-02-15 20:01 ` David Lang
2007-02-15 21:01 ` Roman Zippel
2007-02-15 21:03 ` Adrian Bunk
2007-02-15 22:13 ` Pavel Machek
2007-02-16 20:21 ` Dave Jones
2007-02-16 20:27 ` Arjan van de Ven
[not found] <7OPWh-470-9@gated-at.bofh.it>
[not found] ` <7OxPF-16i-7@gated-at.bofh.it>
[not found] ` <7OSKA-8A-17@gated-at.bofh.it>
[not found] ` <7OTGJ-1G5-23@gated-at.bofh.it>
2007-02-16 15:38 ` Bodo Eggert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070215062218.GA917@redhat.com \
--to=davej@redhat.com \
--cc=agruen@suse.de \
--cc=akpm@linux-foundation.org \
--cc=arjan@infradead.org \
--cc=dhowells@redhat.com \
--cc=herbert.xu@redhat.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.