On Thu, Jan 17, 2013 at 06:22:47PM +0200, Kasatkin, Dmitry wrote: [..] > > Currently it is expected to use these patches only for statically linked > > executables. No dynamic linking. In fact patches specifically disable > > calling interpreter. This does not prevent against somebody using dlopen() > > sutff. So don't sign binaries which do that. > > How dynamic linking and interpreter are related together?
Well interpreter will do the dynamic linking automatically? So I blocked that. > > This is rather policy than enforcement. > Protection works only for statically linked binaries, because dynamic > libraries are not verified. Agreed. Thanks Vivek -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
