Date:      Wed, 8 May 2002 11:16:07 -0700
From:      "Crist J. Clark" <cjc@FreeBSD.ORG>
To:        Miguel Mendez <flynn@energyhq.homeip.net>
Cc:        hackers@FreeBSD.ORG
Subject:   Re: extra sanity check in modules
Message-ID:  <20020508111607.C94469@blossom.cjclark.org>
In-Reply-To: <20020508171635.A50078@energyhq.homeip.net>; from flynn@energyhq.homeip.net on Wed, May 08, 2002 at 05:16:35PM +0200
References:  <20020508171635.A50078@energyhq.homeip.net>

On Wed, May 08, 2002 at 05:16:35PM +0200, Miguel Mendez wrote:
> Hi,
> 
> I've been thinking of adding an extra check in kldload. My idea is to have 
> an md5 sum per module, so for foo.ko we'd have foo.ko.md5. At load time
> the md5 is checked, if it doesn't test ok the module is not loaded. The
> md5 files could be chflagged as immutable for extra security. Is it worth
> having this or just a silly idea? I might start hacking on my DP1 box on
> this thing later.

What does it gain you? If someone can modify the foo.ko, they can
modify the foo.ko.md5. What does making foo.ko.md5 immutable do that
just making foo.ko immutable wouldn't?
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
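
Added example, not part of the original message and not FreeBSD code: a small Python model of the proposed foo.ko.md5 load check, run against the three cases the reply contrasts. The `immutable` set is a hypothetical stand-in for file flags, and the module contents are constructed sample bytes.

```python
import hashlib
import os
import tempfile

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def load_allowed(module_path: str) -> bool:
    """The proposed check: foo.ko loads only if it matches foo.ko.md5."""
    with open(module_path, "rb") as f:
        actual = md5_hex(f.read())
    with open(module_path + ".md5") as f:
        expected = f.read().strip()
    return actual == expected

def tamper(module_path: str, payload: bytes, immutable: set) -> None:
    """Whoever can write to the directory rewrites every file not flagged immutable."""
    targets = ((module_path, payload),
               (module_path + ".md5", md5_hex(payload).encode()))
    for path, content in targets:
        if path not in immutable:  # assumption: models an immutable file flag
            with open(path, "wb") as f:
                f.write(content)

def scenario(immutable_names: set, md5_check: bool = True) -> bool:
    """Return True if an altered module ends up being loaded."""
    original = b"constructed module bytes"
    payload = b"constructed altered bytes"
    with tempfile.TemporaryDirectory() as d:
        mod = os.path.join(d, "foo.ko")
        with open(mod, "wb") as f:
            f.write(original)
        with open(mod + ".md5", "w") as f:
            f.write(md5_hex(original))
        tamper(mod, payload, {os.path.join(d, n) for n in immutable_names})
        with open(mod, "rb") as f:
            changed = f.read() != original
        loads = load_allowed(mod) if md5_check else True
        return loads and changed

if __name__ == "__main__":
    print("md5 check, nothing immutable:", scenario(set()))
    print("md5 check, foo.ko.md5 immutable:", scenario({"foo.ko.md5"}))
    print("no md5 check, foo.ko immutable:", scenario({"foo.ko"}, md5_check=False))
```

With nothing flagged, the altered module passes the check because its sidecar was rewritten with it; flagging either file alone gives the same outcome, which is the question the reply asks.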