re: home-built kernels
Posted Jul 15, 2004 9:25 UTC (Thu) by and
In reply to: home-built kernels
Parent article: Cryptographic signatures on kernel modules
> You would have to use a one-time GPG private key when building
> kernel+modules or the rootkit would use your private key, sign its
> module and load it.
not exactly: first of all, the private key is normally protected by a
password (so the cracker has to circumvent this first), and second, there is
no need to store the private key permanently on the system on which the
kernel is built.
the first point implies that you have to enter your password when running
'make modules'; the second argument means that you burn your key on CD and
only mount it when you need to rebuild some modules.