On Fri, Jan 25, 2013 at 12:14:54AM +0000, David Howells wrote:
> You can't rely on someone trying to sneak a dodgy crypto module in to set the
> flag when they build it. The detection thus needs to be done in the kernel
> during the module load.
>
> Can you search the module image for "crypto_register_" I wonder? If that's
> there, it's a crypto module.

If you're trying to protect against malice rather than accident, what's
going to stop the module from just finding and modifying data structures
itself? If you want to panic if you've just loaded something that might
compromise your crypto implementations, you've got to panic on all
unsigned module loads.

--
Matthew Garrett | mj...@srcf.ucam.org