On Tue, 2013-01-15 at 16:34 -0500, Vivek Goyal wrote: > If a binary is signed, verify its signature. If signature is not valid, do > not allow execution. If binary is not signed, execution is allowed > unconditionally.
Basically you're building the policy into the executable. Anyone can rebuild the executable and, without signing it, install/replace an existing one. How is this safe? The signature verification policy needs to be defined independently of the executable. Mimi -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
