On Wed, Nov 29, 2017 at 10:58:16AM -0500, David Miller wrote: > That's not what we're talking about. > > We're talking about making sure that loading "ppp.ko" really gets > ppp.ko rather than some_other_module.ko renamed to ppp.ko via some > other mechanism.
Right, and the best solution to this problem is to include in the signature the name of the module. (One way of doing this is adding the module name into the cryptographic checksum which is then digitally signed by the kernel module key; we would have to bump the version number of the signature format, obviously.) This binds the name of the module into the digital signature so that it can't be renamed. - Ted