H. Peter Anvin <hpa <at> zytor.com> writes: > > It is a bit more indirect, but also in practice it's a bit trickier than > > that. We need to ensure the memory doesn't change underneath us and > > stays attached to that fd. I can easily see that code slipping and > > ending in an exploit. > > > > But that may be my irrational fear of the mm :) > > You have to do the same thing with a file/file descriptor, I would think. > > However, I keep wondering about the use case for this, as opposed to > signatures.
Two things: 1. finit_module() lets LSMs make decisions based on full information on the module to be loaded 2. On some systems (such as Chromium OS) we have a trusted root OS (e.g. the entire root filesystem is protected using dm-verity); requiring signatures on top of this is a waste of resources -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/