Re: Linux 3.2: backports some features from mainline kernel (3.7)?

2012-12-23 Thread daniel curtis
Hello Mr Hutchings. Thanks for the explanation of several important issues. It is really good that Debian is, finally, taking security seriously. I mean, for example, hardening flags, several compile-time options etc. One of the Wheezy release goals is to update as many packages as possible to use

Re: Linux 3.2: backports some features from mainline kernel (3.7)?

2012-12-23 Thread Ben Hutchings
On Sun, 2012-12-23 at 17:26 +0100, daniel curtis wrote: Hello Mr Hutchings. Thanks for the explanation of several important issues. It is really good that Debian is, finally, taking security seriously. I mean, for example, hardening flags, several compile-time options etc. One of the

Re: Linux 3.2: backports some features from mainline kernel (3.7)?

2012-12-23 Thread daniel curtis
Hi. Your technical blog looks very interesting. Thank you for your blog and for maintaining the 3.2 stable series. Best regards.

Re: Linux 3.2: backports some features from mainline kernel (3.7)?

2012-12-21 Thread daniel curtis
Hi, You have written that the sysctl kernel.modules_disabled=1 option is available. I know that, but with cryptographically signed modules the kernel can check the signature and refuse to load any module that can't be verified. Does this sysctl option offer something similar? By writing,

Re: Linux 3.2: backports some features from mainline kernel (3.7)?

2012-12-21 Thread Ben Hutchings
On Fri, 2012-12-21 at 12:45 +0100, daniel curtis wrote: Hi, You have written that the sysctl kernel.modules_disabled=1 option is available. I know that, but with cryptographically signed modules the kernel can check the signature and refuse to load any module that can't be verified.

Re: Linux 3.2: backports some features from mainline kernel (3.7)?

2012-12-21 Thread daniel curtis
Hi Mr Hutchings, Could you explain, in short, why it is more secure? It seems, that cryptographically signed modules are something... don't know, more secure, *because before loading the module, the kernel can check the signature and refuse to load any that can't be verified.* ;-) symlink and

Re: Linux 3.2: backports some features from mainline kernel (3.7)?

2012-12-21 Thread Ben Hutchings
On Fri, 2012-12-21 at 17:48 +0100, daniel curtis wrote: Hi Mr Hutchings, Could you explain, in short, why it is more secure? It seems, that cryptographically signed modules are something... don't know, more secure, because before loading the module, the kernel can check the signature and

Linux 3.2: backports some features from mainline kernel (3.7)?

2012-12-20 Thread daniel curtis
Hi, I already asked this question on the debian-security@ mailing list, but Mr Cyril Brulebois suggested that a better place to ask this question is the debian-kernel@ mailing list. It is pretty much the same question - just copied. Kernel 3.7 is officially out. This Linux release includes many

Re: Linux 3.2: backports some features from mainline kernel (3.7)?

2012-12-20 Thread Ben Hutchings
On Thu, Dec 20, 2012 at 03:46:14PM +0100, daniel curtis wrote: Hi, I already asked this question on the debian-security@ mailing list, but Mr Cyril Brulebois suggested that a better place to ask this question is the debian-kernel@ mailing list. It is pretty much the same question - just copied.