Re: Future Linux devel. Kernels

From: Alan Cox (alan@lxorguk.ukuu.org.uk)
Date: Sun May 07 2000 - 17:35:04 EDT

Next message: peeterj@ca.ibm.com: "[PATCH] small 2.3.99-pre6 ibmtr_cs problems. (Config.in & csum _partial_copy undefined)"

Previous message: octave klaba: "kernel panic HOWTO"
In reply to: Ed Carp: "Re: Future Linux devel. Kernels"
Next in thread: Igmar Palsenberg: "Re: Future Linux devel. Kernels"
Reply: Igmar Palsenberg: "Re: Future Linux devel. Kernels"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Signatures don't make the kernel any more secure, they just give the illusion
> of security - IMO, the worst possible kind.

They are very valuable for distribution of modules. For example in ensuring
a Red Hat or Debian kernel package isnt tampered with. At runtime I tend to
agree.

There are system setups where signed binaries are a very powerful security
feature but it is not enough to simply sign binaries, you have to review
every syscall capable interpreter too.

Signed binaries doesn't stop glorious hacks and apps in perl

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: peeterj@ca.ibm.com: "[PATCH] small 2.3.99-pre6 ibmtr_cs problems. (Config.in & csum _partial_copy undefined)"
Previous message: octave klaba: "kernel panic HOWTO"
In reply to: Ed Carp: "Re: Future Linux devel. Kernels"
Next in thread: Igmar Palsenberg: "Re: Future Linux devel. Kernels"
Reply: Igmar Palsenberg: "Re: Future Linux devel. Kernels"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Sun May 07 2000 - 17:40:46 EDT