Re: [PATCH 2/3] binfmt_elf: Verify signature of signed elf binary

From: Frank Ch. Eigler
Date: Thu Jan 17 2013 - 15:33:46 EST

Next message: Andi Kleen: "[PATCH 04/29] perf, x86: Support the TSX intx/intx_cp qualifiers v2"
Previous message: Thierry Reding: "Re: [PATCH 10/14] PCI: tegra: Move PCIe driver to drivers/pci/host"
In reply to: Kasatkin, Dmitry: "Re: [PATCH 2/3] binfmt_elf: Verify signature of signed elf binary"
Next in thread: Vivek Goyal: "Re: [PATCH 2/3] binfmt_elf: Verify signature of signed elf binary"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Vivek Goyal <vgoyal@xxxxxxxxxx> writes:

> [...]
>> Can you please tell a bit more how this patch protect against direct
>> writing to the blocks?
>
> If you have loaded all the pages from disk and locked them in memory and
> verified the signature, then even if somebody modifies a block on disk
> it does not matter. We will not read pages from disk anymore for this
> exec(). We verified the signature of executable loaded in memory and
> in-memory copy is intact.

Does this imply dramatically increasing physical RAM pressure and load
latency, because binaries (and presumably all their shared libraries)
have to be locked & loaded? (Else if they are paged out to
encrypted-swap, is that sufficient protection against manipulation?)

- FChE
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andi Kleen: "[PATCH 04/29] perf, x86: Support the TSX intx/intx_cp qualifiers v2"
Previous message: Thierry Reding: "Re: [PATCH 10/14] PCI: tegra: Move PCIe driver to drivers/pci/host"
In reply to: Kasatkin, Dmitry: "Re: [PATCH 2/3] binfmt_elf: Verify signature of signed elf binary"
Next in thread: Vivek Goyal: "Re: [PATCH 2/3] binfmt_elf: Verify signature of signed elf binary"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]