On 2012-10-30 23:45, Eric W. Biederman wrote: > Arvid Brodin <arvid.bro...@xdin.com> writes: >> Hi, >> []
Thanks for the info! >> * Any other comments about the code? > > There are known successful attacks against md5 so using md5 for > something new and security related is a bad idea. > > Userspace can just as easily compute a security hash itself you don't > need kernel support. How would I do this on running code? Does the kernel export the process memory somewhere so that I can pipe it to md5sum? > I recommend you checkout the code in security/ima/ looks like it can > already do what you are trying to do. Ah. I did actually check this out a year and a half ago or something like that. Seems like it has gotten a bit more capable since then with the new patches (immutable executables etc)! I'll take a look at it again to see if it might fit our needs. Thanks! > > Eric -- Arvid Brodin | Consultant (Linux) XDIN AB | Knarrarnäsgatan 7 | SE-164 40 Kista | Sweden | xdin.com
