From owner-freebsd-hackers Wed May 8 8:16:48 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from energyhq.homeip.net (213-97-200-73.uc.nombres.ttd.es [213.97.200.73]) by hub.freebsd.org (Postfix) with ESMTP id 9257237B407 for ; Wed, 8 May 2002 08:16:40 -0700 (PDT) Received: by energyhq.homeip.net (Postfix, from userid 1001) id DC7C33FC46; Wed, 8 May 2002 17:16:35 +0200 (CEST) Date: Wed, 8 May 2002 17:16:35 +0200 From: Miguel Mendez To: hackers@freebsd.org Subject: extra sanity check in modules Message-ID: <20020508171635.A50078@energyhq.homeip.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="bp/iNruPH9dso1Pn" Content-Disposition: inline User-Agent: Mutt/1.2.5.1i Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --bp/iNruPH9dso1Pn Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi, I've been thinking of adding an extra check in kldload. My idea is to have= =20 an md5 sum per module, so for foo.ko we'd have foo.ko.md5. At load time the md5 is checked, if it doesn't test ok the module is not loaded. The md5 files could chflagged as inmutable for extra security. Is it worth having this or just a silly idea? I might start hacking on my DP1 box on this thing later. Cheers, --=20 Miguel Mendez - flynn@energyhq.homeip.net GPG Public Key :: http://energyhq.homeip.net/files/pubkey.txt EnergyHQ :: http://www.energyhq.tk FreeBSD - The power to serve! --bp/iNruPH9dso1Pn Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iD8DBQE82UFTnLctrNyFFPERAtFcAJ9w+GLXGVItLLZEr/UgqlUzjyLa2QCfUPLS I8sHUTm3E8BS4W2Mix4JV+E= =Ynpt -----END PGP SIGNATURE----- --bp/iNruPH9dso1Pn-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message