It'll protect (to some extent) ordinary users from their own stupidity. Not much use if root themselves is trying to subvert it.
1) Write your "black hat script"
2) gdb /bin/sh
3) break send_hash_to_kernel
4) run sh black-hat-script.sh
5) set hash_value = permitted_value
The trusted computing folk can get around this by prohibiting gdb... anyone reminded of http://www.gnu.org/philosophy/right-to-read.html ?
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds