Linux – Linus Torvalds – Discussion – “Load keys from signed PE binaries”

Linux – Linus Torvalds – Discussion – “Load keys from signed PE binaries”

My brother emailed me this email thread this morning:

https://lkml.org/lkml/2013/2/21/228

Guys, this is not a dick-sucking contest.

If you want to parse PE binaries, go right ahead. If Red Hat wants to deep-throat Microsoft, that’s *your* issue. That has nothing what-so-ever to do with the kernel I maintain. It’s trivial for you guys to have a signing machine that parses the PE binary, verifies the signatures, and signs the resulting keys with your own key. You already wrote the code, for chissake, it’s in that f*cking pull request. 

Why should *I* care? Why should the kernel care about some idiotic “we only sign PE binaries” stupidity? We support X.509, which is the standard for signing. 

Do this in user land on a trusted machine. There is zero excuse for doing it in the kernel.

Linus

 

 

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s