Describe new module signing capability.

author: Dave Brolley <brolley@redhat.com> 2009-05-05 12:08:49 -0400
committer: Dave Brolley <brolley@redhat.com> 2009-05-05 12:08:49 -0400
commit: 7c4e9d57761b10058d36756df3b39039e292812d (patch)
tree: 8c937728d67fdc44689ad0007b12e2d454275d43
parent: 5b8db791abb8c968b55fcf80380b8b7d8d77f53a (diff)
download: systemtap-steved-7c4e9d57761b10058d36756df3b39039e292812d.tar.gz
systemtap-steved-7c4e9d57761b10058d36756df3b39039e292812d.tar.xz
systemtap-steved-7c4e9d57761b10058d36756df3b39039e292812d.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 6cfd7158..664753d3 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,12 @@
 * What's new
 
+- Module signing: If the appropriate nss libraries are available on your system,
+  stap will sign each compiled module using a self-generated certificate.
+  This is the first step toward extending authority to load certain modules to
+  unprivileged users. For now, if the system administrator adds a certificate
+  to a database of trusted signers (stap-authorize-signing-cert), modules signed
+  using that certificate will be verified by staprun against tampering.
+  Otherwise, you should notice no difference in the operation of stap or staprun.
 
 * What's new in version 0.9.7
author	Dave Brolley <brolley@redhat.com>	2009-05-05 12:08:49 -0400
committer	Dave Brolley <brolley@redhat.com>	2009-05-05 12:08:49 -0400
commit	7c4e9d57761b10058d36756df3b39039e292812d (patch)
tree	8c937728d67fdc44689ad0007b12e2d454275d43
parent	5b8db791abb8c968b55fcf80380b8b7d8d77f53a (diff)
download	systemtap-steved-7c4e9d57761b10058d36756df3b39039e292812d.tar.gz systemtap-steved-7c4e9d57761b10058d36756df3b39039e292812d.tar.xz systemtap-steved-7c4e9d57761b10058d36756df3b39039e292812d.zip