Ben Hutchings writes:
> On Tue, 2016-04-26 at 20:07 +0930, Rusty Russell wrote:
>> Ben Hutchings writes:
>> > - if (info->len > markerlen &&
>> > + /*
>> > + * Require flags == 0, as a module with version information
>> > + * removed is no longer the module that was signed
>> > + */
>> >
On Tue, 2016-04-26 at 20:07 +0930, Rusty Russell wrote:
> Ben Hutchings writes:
> >
> > Signing a module should only make it trusted by the specific kernel it
> > was built for, not anything else. Loading a signed module meant for a
> > kernel with a different ABI could have interesting effects.
Ben Hutchings writes:
> Signing a module should only make it trusted by the specific kernel it
> was built for, not anything else. Loading a signed module meant for a
> kernel with a different ABI could have interesting effects.
> Therefore, treat all signatures as invalid when a module is
> forc
Signing a module should only make it trusted by the specific kernel it
was built for, not anything else. Loading a signed module meant for a
kernel with a different ABI could have interesting effects.
Therefore, treat all signatures as invalid when a module is
force-loaded.
Signed-off-by: Ben Hut
4 matches
Mail list logo
