Comments on the module-file format

Mark Reinhold mr at sun.com
Wed Feb 10 14:52:42 PST 2010


> Date: Wed, 10 Feb 2010 16:57:03 -0500
> From: sean.mullan at sun.com

>>> The signature is a signature over all of the hashes in the module. It also may
>>> contain other security attributes, such as the permissions needed by the
>>> modules.
>> 
>> Good point -- I hadn't thought about signing required permissions, but
>> that is of course necessary.
> 
> Actually, they could also be contained outside of the signature as attributes
> of the module, as long as they are protected by one of the module or section
> hashes.

Right; my mistake.

>         However, if so, they should come in the header or near the beginning of
> the module so that they can be validated against a policy before proceeding
> with downloading the rest of the module.

Agreed.

- Mark



More information about the jigsaw-dev mailing list