Re: [PATCH RFC] kernel build: enable use of password-protected signing keys

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 9.2.2014 23:38, Emily Maier wrote:
> Currently, the module signing script assumes that the private key is 
> not password-protected. This patch makes it slightly more secure by 
> allowing it to be passed in on the command line as "make 
> modules_install MOD_PASSWORD=abc". It's vulnerable to snooping during 
> the build of course, but so is an unprotected signing key.

The key's permissions can be set to 0600, while the make commandline is
visible in ps.

Michal
--
To unsubscribe from this list: send the line "unsubscribe linux-doc" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]     [Linux Resources]

  Powered by Linux