Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthenticationof binaries
From: Geert Uytterhoeven
Date: Tue Apr 25 2006 - 09:00:41 EST
On Tue, 25 Apr 2006, Arjan van de Ven wrote:
> On Tue, 2006-04-25 at 00:35 +0100, Nix wrote:
> > On Mon, 24 Apr 2006, Arjan van de Ven yowled:
> > > On Mon, 2006-04-24 at 21:32 +0100, Nix wrote:
> > >> It checks mmap and mprotect with PROT_EXEC, and execve().
> > >
> > > so no jvm's or flash plugins.
> >
> > Well, you'll have to sign the flash plugin. This isn't
> > sign-at-compilation-time;
>
> the point I made is that a jvm has executable memory capabilities (it
> has to) and can be made an elf loader. At which point.. game over.
Then don't sign the jvm ;-)
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@xxxxxxxxxxxxxx
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/