Date:      Wed, 8 May 2002 11:52:21 -0700
From:      "Crist J. Clark" <crist.clark@attbi.com>
To:        Miguel Mendez <flynn@energyhq.homeip.net>
Cc:        hackers@FreeBSD.ORG
Subject:   Re: extra sanity check in modules
Message-ID:  <20020508115221.E94469@blossom.cjclark.org>
In-Reply-To: <20020508203130.A50402@energyhq.homeip.net>; from flynn@energyhq.homeip.net on Wed, May 08, 2002 at 08:31:30PM +0200
References:  <20020508171635.A50078@energyhq.homeip.net> <20020508111607.C94469@blossom.cjclark.org> <20020508203130.A50402@energyhq.homeip.net>

On Wed, May 08, 2002 at 08:31:30PM +0200, Miguel Mendez wrote:
> On Wed, May 08, 2002 at 11:16:07AM -0700, Crist J. Clark wrote:
> 
> > What does it gain you? If someone can modify the foo.ko, they can
> > modify the foo.ko.md5. What does making foo.ko.md5 immutable do that
> > that just making foo.ko immutable wouldn't?
> 
> Hmmm, okay, so what if the md5 data is stored in a read only place?

Why not store the modules there?

> I wasn't 
> only thinking about security here, I was also thinking about a way to
> avoid loading a module in case somehow it became corrupted.

In that case, you might just be better off putting a checksum in the
module itself.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
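
The distinction drawn in the message above, as an added example that is not part of the original e-mail or of FreeBSD's module loader: a checksum carried inside the image catches accidental corruption, while a writer who can change the image can also recompute the checksum. The CRC-32 trailer layout, the function names and the sample bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define TRAILER_LEN 4  /* assumed layout: payload followed by little-endian CRC-32 */
enum { INTACT, BIT_FLIP, RESEALED };
static const uint8_t SAMPLE[] = "constructed module image bytes"; /* constructed sample */

/* Bitwise CRC-32, reflected polynomial 0xEDB88320 (the zlib/Ethernet CRC). */
uint32_t crc32_buf(const uint8_t *p, size_t n) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        crc ^= p[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Append the CRC to buf (needs len + TRAILER_LEN bytes); returns the new length. */
size_t image_seal(uint8_t *buf, size_t len) {
    uint32_t c = crc32_buf(buf, len);
    for (int i = 0; i < TRAILER_LEN; i++)
        buf[len + i] = (uint8_t)(c >> (8 * i));
    return len + TRAILER_LEN;
}

/* Returns 1 if the trailer matches the payload, 0 if not or if the image is too short. */
int image_verify(const uint8_t *buf, size_t total) {
    uint32_t stored = 0;
    if (total < TRAILER_LEN) return 0;
    for (int i = 0; i < TRAILER_LEN; i++)
        stored |= (uint32_t)buf[total - TRAILER_LEN + i] << (8 * i);
    return crc32_buf(buf, total - TRAILER_LEN) == stored;
}

/* Seal the sample, apply one scenario, and return what a load-time check would see. */
int check_after(int scenario) {
    uint8_t buf[sizeof(SAMPLE) + TRAILER_LEN];
    memcpy(buf, SAMPLE, sizeof(SAMPLE));
    size_t total = image_seal(buf, sizeof(SAMPLE));
    if (scenario != INTACT) buf[3] ^= 0x01;  /* one payload bit changes on disk */
    if (scenario == RESEALED) total = image_seal(buf, sizeof(SAMPLE)); /* writer recomputes */
    return image_verify(buf, total);
}

int main(void) {
    printf("intact=%d bit_flip=%d resealed=%d\n", check_after(INTACT), check_after(BIT_FLIP), check_after(RESEALED));
    return 0;
}
```

The resealed image passes verification, which is why an embedded checksum serves as a corruption check and write protection on the module file remains the security control.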
