Zack’s Kernel News

Kernel News

Author(s):

Chronicler Zack Brown reports on the latest news, views, dilemmas, and developments within the Linux kernel community.

make MODSIG=1

Mimi Zohar introduced a patch to support ephemeral module signing. The idea is that if you use a private key to sign modules, the kernel can use a public key to ensure that it only loads modules signed by you. Anyone trying to crack into your system by loading a hostile module would find the way blocked.

The problem is that if they do get a certain level of access to your system, they might locate your private key, sign their hostile module with it, and thus crack deeper into your system anyway.

Read full article as PDF:

092-094_kernelnews.pdf (345.26 kB)

Related content

comments powered by Disqus

Direct Download

Read full article as PDF:

092-094_kernelnews.pdf (345.26 kB)

News