Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthenticationof binaries

From: Geert Uytterhoeven
Date: Tue Apr 25 2006 - 09:00:41 EST

Next message: Corey Minyard: "Re: [PATCH 2/2] ipmi: strstrip conversion"
Previous message: James Carter: "Re: [RFC][PATCH 0/11] security: AppArmor - Overview"
In reply to: Serge E. Hallyn: "Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 25 Apr 2006, Arjan van de Ven wrote:
> On Tue, 2006-04-25 at 00:35 +0100, Nix wrote:
> > On Mon, 24 Apr 2006, Arjan van de Ven yowled:
> > > On Mon, 2006-04-24 at 21:32 +0100, Nix wrote:
> > >> It checks mmap and mprotect with PROT_EXEC, and execve().
> > >
> > > so no jvm's or flash plugins.
> >
> > Well, you'll have to sign the flash plugin. This isn't
> > sign-at-compilation-time;
>
> the point I made is that a jvm has executable memory capabilities (it
> has to) and can be made an elf loader. At which point.. game over.

Then don't sign the jvm ;-)

Gr{oetje,eeting}s,

Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@xxxxxxxxxxxxxx

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Corey Minyard: "Re: [PATCH 2/2] ipmi: strstrip conversion"
Previous message: James Carter: "Re: [RFC][PATCH 0/11] security: AppArmor - Overview"
In reply to: Serge E. Hallyn: "Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]