On Wed, May 07 2014, Henrique de Moraes Holschuh wrote: > Hello Manoj! > > On Mon, 05 May 2014, Manoj Srivastava wrote: >> True. But it does add a link to the dbg paths that ill be >> populated if you install that. Incodentally, this is what the upsteam >> make deb-pkg does
> Well, the upstream Makefile somehow manages to sign the modules after all
> changes to the module file, thus the signatures are valid :-)
Point.
> One possible fix would be to run the signature pass after updating the debug
> paths (and preferably also supressing any signature passes before the
> update, as the signature pass is quite slow and resource intensive).
I'll look into this; currently I do not know how to invoke the
signature pass.
>> It is a 5trade off. Being able to debug vs signed modules. I
>> suspect the trade off goes differently for vendor kernel packages and
>> home brewed ones. Even without the objcopy, would the signed modules
>> have the same signatures as the self compiled version? Is this a
>> hypothetical, or do we have a concrete degradation in security?
> Obviously, if you cannot secure the bootloader, module signing won't
> get you much. However, it is still useful to be able to have an extra
> security layer (as in "additionaly to apparmor/se-linux/etc") that
> gets in the way of a simple local root exploit giving you kernel
> powers (via modprobe/insmod).
OK. I'll see what I can do.
> I am not really interested into the "vendor kernel" angle, as kernel-package
> is not used for that anymore.
Yes, I know we both know that :-). I was unsiccesfully trying to
ask whether signatures were important for a one off image package, but
you have answered that above.
manoj
--
It is your destiny. Darth Vader
Manoj Srivastava <sriva...@acm.org> <http://www.golden-gryphon.com/>
4096R/C5779A1C E37E 5EC5 2A01 DA25 AD20 05B6 CF48 9438 C577 9A1C
signature.asc
Description: PGP signature
