Re: [PATCH 00/23] Crypto keys and module signing

From: David Howells
Date: Thu May 31 2012 - 10:11:16 EST

Next message: sjur . brandeland: "[RFC] remoteproc: Add custom STE-modem firmware loader."
Previous message: Jeff Moyer: "Re: [PATCH 2/2] ocfs2: clear unaligned io flag when dio fails"
In reply to: Josh Boyer: "Re: [PATCH 00/23] Crypto keys and module signing"
Next in thread: Kasatkin, Dmitry: "Re: [PATCH 00/23] Crypto keys and module signing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Rusty Russell <rusty@xxxxxxxxxxxxxxx> wrote:

> > That then adds 5 bytes to the magic string. Is that really so bad?
>
> Yes, because it's unnecessary.

I'm sorry Rusty, but this argument is disingenuous.

Yes, a length field in the file is unnecessary - BUT SO TOO is scanning! By
this argument, your idea is really so bad too. It's all about the trade off
one chooses to make. I do not accept your chosen trade off[*] as being the
best one.

David

[*] And, yes, it *is* a trade off: you are trading CPU time and permanently
resident kernel code space in order to save a tiny amount of disk
space[**].

[**] Assuming 512 byte blocks and a 5 byte size field, probably fewer than 1%
of modules will expand sufficiently to consume an extra block. Further,
making it a 2-byte binary field would make it even less intrusive, both
in the file and in the module verifier.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: sjur . brandeland: "[RFC] remoteproc: Add custom STE-modem firmware loader."
Previous message: Jeff Moyer: "Re: [PATCH 2/2] ocfs2: clear unaligned io flag when dio fails"
In reply to: Josh Boyer: "Re: [PATCH 00/23] Crypto keys and module signing"
Next in thread: Kasatkin, Dmitry: "Re: [PATCH 00/23] Crypto keys and module signing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]