On 2012-10-30 23:45, Eric W. Biederman wrote:
> Arvid Brodin <arvid.bro...@xdin.com> writes:
>> Hi,
>> []

Thanks for the info!

>> * Any other comments about the code?
> 
> There are known successful attacks against md5 so using md5 for
> something new and security related is a bad idea.
> 
> Userspace can just as easily compute a security hash itself you don't
> need kernel support.

How would I do this on running code? Does the kernel export the process memory 
somewhere
so that I can pipe it to md5sum?


> I recommend you checkout the code in security/ima/ looks like it can
> already do what you are trying to do.

Ah. I did actually check this out a year and a half ago or something like that. 
Seems like
it has gotten a bit more capable since then with the new patches (immutable 
executables
etc)! I'll take a look at it again to see if it might fit our needs. Thanks!

> 
> Eric


-- 
Arvid Brodin | Consultant (Linux)
XDIN AB | Knarrarnäsgatan 7 | SE-164 40 Kista | Sweden | xdin.com

Reply via email to