User: Password:
|
|
Subscribe / Log in / New account

KS2012: Module signing

KS2012: Module signing

Posted Sep 7, 2012 13:37 UTC (Fri) by jake (editor, #205)
In reply to: KS2012: Module signing by etienne
Parent article: KS2012: Module signing

> I am not sure to understand why interpreting the content of an ELF
> file looks so difficult.

I don't know that anyone thought it was difficult, exactly, just that it added more code to a path where a bug could be disastrous -- which means that there is more code that needs a *lot* of scrutiny. A malicious module with hand-crafted ELF could then potentially subvert the module verification code.

After all, the module code *does* already have to do some ELF interpretation, but Rusty (at least) wanted to keep that code path to *after* the module's signature was verified.

jake


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds