module signing?
Dave Jones
davej at redhat.com
Tue Aug 15 20:35:14 UTC 2006
On Tue, Aug 15, 2006 at 12:36:45PM -0400, tomhorsley at adelphia.net wrote:
> > > If I can load them, what is the point in module signing (which I imagine has
> > > something to do with security)?
> > >
> > http://lwn.net/Articles/92617/ explains this. There is no plans to
> > enforce any restrictions on third party kernel modules being loaded.
>
> As near as I can tell, it just means there is no point in module signing :-).
If I see a kernel oops with a module in the list marked with (U) I know
at a glance that it isn't the module as shipped with the kernel RPM.
This has saved head-scratching a number of times.
We could add a write-once sysctl or boot-option to enforce 'only load
signed modules' however, but it would be useless for users of 3rd
party modules.
Dave
--
http://www.codemonkey.org.uk
More information about the fedora-list
mailing list