Adding signatures to the modules before they're relocated doesn't buy you much
if you then just allow modprobe to do the relocation itself.
The linker (in modprobe) can do nasty things with the relocations - so if you
just checksum it before it's linked then you can still be vulnerable.
To really do this securely, I suspect we'd need to actually put the linker
into the kernel, rather than having it in modprobe as it is at the moment.
-- dwmw2
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/