On Wed, Sep 19, 2012 at 7:41 AM, Mimi Zohar wrote:
> On Wed, 2012-09-19 at 13:08 +0930, Rusty Russell wrote:
>> Mimi Zohar writes:
>>
>> > On Wed, 2012-09-12 at 17:04 +0930, Rusty Russell wrote:
>> >> "H. Peter Anvin" writes:
>> >>
>> >> > On 09/06/2012 11:13 AM, Kees Cook wrote:
>> >> >> Instea
On Wed, 2012-09-19 at 13:08 +0930, Rusty Russell wrote:
> Mimi Zohar writes:
>
> > On Wed, 2012-09-12 at 17:04 +0930, Rusty Russell wrote:
> >> "H. Peter Anvin" writes:
> >>
> >> > On 09/06/2012 11:13 AM, Kees Cook wrote:
> >> >> Instead of (or in addition to) kernel module signing, being able
Mimi Zohar writes:
> On Wed, 2012-09-12 at 17:04 +0930, Rusty Russell wrote:
>> "H. Peter Anvin" writes:
>>
>> > On 09/06/2012 11:13 AM, Kees Cook wrote:
>> >> Instead of (or in addition to) kernel module signing, being able to reason
>> >> about the origin of a kernel module would be valuable
On Wed, 2012-09-12 at 17:04 +0930, Rusty Russell wrote:
> "H. Peter Anvin" writes:
>
> > On 09/06/2012 11:13 AM, Kees Cook wrote:
> >> Instead of (or in addition to) kernel module signing, being able to reason
> >> about the origin of a kernel module would be valuable in situations
> >> where an
On Wed, Sep 12, 2012 at 12:34 AM, Rusty Russell wrote:
> "H. Peter Anvin" writes:
>
>> On 09/06/2012 11:13 AM, Kees Cook wrote:
>>> Instead of (or in addition to) kernel module signing, being able to reason
>>> about the origin of a kernel module would be valuable in situations
>>> where an OS al
"H. Peter Anvin" writes:
> On 09/06/2012 11:13 AM, Kees Cook wrote:
>> Instead of (or in addition to) kernel module signing, being able to reason
>> about the origin of a kernel module would be valuable in situations
>> where an OS already trusts a specific file system, file, etc, due to
>> thing
On 09/06/2012 11:13 AM, Kees Cook wrote:
Instead of (or in addition to) kernel module signing, being able to reason
about the origin of a kernel module would be valuable in situations
where an OS already trusts a specific file system, file, etc, due to
things like security labels or an existing r
On Mon, 10 Sep 2012, Rusty Russell wrote:
> Kees Cook writes:
> > On Fri, Sep 7, 2012 at 10:12 AM, Mimi Zohar
> > wrote:
> >> This method is a consistent and extensible approach to verifying the
> >> integrity of file data/metadata, including kernel modules. The only
> >> downside to this appro
On Sun, Sep 9, 2012 at 6:46 PM, Rusty Russell wrote:
> Kees Cook writes:
>> On Fri, Sep 7, 2012 at 10:12 AM, Mimi Zohar wrote:
>>> This method is a consistent and extensible approach to verifying the
>>> integrity of file data/metadata, including kernel modules. The only
>>> downside to this app
Kees Cook writes:
> On Fri, Sep 7, 2012 at 10:12 AM, Mimi Zohar wrote:
>> This method is a consistent and extensible approach to verifying the
>> integrity of file data/metadata, including kernel modules. The only
>> downside to this approach, I think, is that it requires changes to the
>> usersp
On Fri, 2012-09-07 at 10:19 -0700, Kees Cook wrote:
> On Fri, Sep 7, 2012 at 10:12 AM, Mimi Zohar wrote:
> > On Fri, 2012-09-07 at 09:45 +0930, Rusty Russell wrote:
> >> Kees Cook writes:
> >> > Instead of (or in addition to) kernel module signing, being able to
> >> > reason
> >> > about the or
Instead of (or in addition to) kernel module signing, being able to reason
about the origin of a kernel module would be valuable in situations
where an OS already trusts a specific file system, file, etc, due to
things like security labels or an existing root of trust to a partition
through things
On Fri, Sep 7, 2012 at 10:12 AM, Mimi Zohar wrote:
> On Fri, 2012-09-07 at 09:45 +0930, Rusty Russell wrote:
>> Kees Cook writes:
>> > Instead of (or in addition to) kernel module signing, being able to reason
>> > about the origin of a kernel module would be valuable in situations
>> > where an
On Fri, 2012-09-07 at 09:45 +0930, Rusty Russell wrote:
> Kees Cook writes:
> > Instead of (or in addition to) kernel module signing, being able to reason
> > about the origin of a kernel module would be valuable in situations
> > where an OS already trusts a specific file system, file, etc, due t
On Thu, Sep 6, 2012 at 5:15 PM, Rusty Russell wrote:
> Kees Cook writes:
>> Instead of (or in addition to) kernel module signing, being able to reason
>> about the origin of a kernel module would be valuable in situations
>> where an OS already trusts a specific file system, file, etc, due to
>>
Kees Cook writes:
> Instead of (or in addition to) kernel module signing, being able to reason
> about the origin of a kernel module would be valuable in situations
> where an OS already trusts a specific file system, file, etc, due to
> things like security labels or an existing root of trust to
Instead of (or in addition to) kernel module signing, being able to reason
about the origin of a kernel module would be valuable in situations
where an OS already trusts a specific file system, file, etc, due to
things like security labels or an existing root of trust to a partition
through things
17 matches
Mail list logo
