Vivek Goyal <vgo...@redhat.com> writes: > Hi, > > This is a very crude RFC for ELF executable signing and verification. This > has been done along the lines of module signature verification.
Yes, but I'm the first to admit that's the wrong lines. The reasons we didn't choose that for module signatures: 1) I was unaware of it, 2) We didn't have a file descriptor in the module syscall, and 3) It needs attributes, and we don't understand xattrs in cpio (though bsdcpio does). #1 and #2 are no longer true; #3 is a simple matter of coding. Since signing binaries is the New Hotness, I'd prefer not to keep reiterating this discussion every month. Let's beef up IMA instead... Thanks, Rusty. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
