On Wed, Jul 16, 2003 at 10:19:00PM -0400, Valdis.Kletnieksat_private wrote: > > Then there was the whole "we need to recognize zillions of disks in a few > fractions of a second" thread, which actually is relevant here because it's the > same basic problem of userspace callbacks... Well, as it was finally brought out, we don't need to recognize zillions of disks in a few fractions of seconds. And userspace will eventually catch up :) But yes, back to the original topic, I do agree that checking things like md5s or signatures on files should be done from within the kernel. As an example, see the cryptomark code I ported to 2.4 that puts gpg into the kernel and makes it so that only signed binaries are the ones that are able to be run as root. thanks, greg k-h _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Jul 16 2003 - 21:29:34 PDT