From mboxrd@z Thu Jan  1 00:00:00 1970
From: Peter =?utf-8?q?M=C3=BCller?= <peter.mueller@ipfire.org>
To: development@lists.ipfire.org
Subject: Thank you for commit 831ff05d898cbf3484922d33573ee067782eb663
 ("kernel: enable and enforce signed kernel modules")
Date: Sun, 09 Feb 2020 14:17:00 +0000
Message-ID: <a717ae6f-1ad3-f8ab-ddbc-3b88430ea63e@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0913702911264425338=="
List-Id: <development.lists.ipfire.org>

--===============0913702911264425338==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hello Arne,

having a look at https://git.ipfire.org/ every now and then, I just
stumbled across commit 831ff05d898cbf3484922d33573ee067782eb663
("kernel: enable and enforce signed kernel modules", see:
https://git.ipfire.org/?p=3Dipfire-2.x.git;a=3Dcommit;h=3D831ff05d898cbf34849=
22d33573ee067782eb663 ).

In my opinion, this makes post-exploitation activities like installing
kernel rootkits much harder, as most of them appear as kernel modules.
We talked about this quite a while ago, and I did not expect this
change to be made in IPFire 2.x anymore.

Anyway: Thank you very much for providing it. :-)

Since it already has been commited, adding an Reviewed-by tag does not
make sense anymore, but it's the willingness that counts!

Thanks, and best regards,
Peter M=C3=BCller

--===============0913702911264425338==--