I don't know that anyone thought it was difficult, exactly, just that it added more code to a path where a bug could be disastrous -- which means that there is more code that needs a *lot* of scrutiny. A malicious module with hand-crafted ELF could then potentially subvert the module verification code.
After all, the module code *does* already have to do some ELF interpretation, but Rusty (at least) wanted to keep that code path to *after* the module's signature was verified.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds