Describe new module signing capability.

author Dave Brolley <brolley@redhat.com>

Tue, 5 May 2009 16:08:49 +0000 (12:08 -0400)

committer Dave Brolley <brolley@redhat.com>

Tue, 5 May 2009 16:08:49 +0000 (12:08 -0400)
author Dave Brolley <brolley@redhat.com>
Tue, 5 May 2009 16:08:49 +0000 (12:08 -0400)
committer Dave Brolley <brolley@redhat.com>
Tue, 5 May 2009 16:08:49 +0000 (12:08 -0400)
diff --git a/NEWS b/NEWS

index 6cfd7158cd606be92d7f4aa9c63e1bdf4ec00f48..664753d3724616b07aed20d5863c3dd520fb59ec 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,12 @@
  * What's new
  
+- Module signing: If the appropriate nss libraries are available on your system,
+  stap will sign each compiled module using a self-generated certificate.
+  This is the first step toward extending authority to load certain modules to
+  unprivileged users. For now, if the system administrator adds a certificate
+  to a database of trusted signers (stap-authorize-signing-cert), modules signed
+  using that certificate will be verified by staprun against tampering.
+  Otherwise, you should notice no difference in the operation of stap or staprun.
  
  * What's new in version 0.9.7
author	Dave Brolley <brolley@redhat.com>
	Tue, 5 May 2009 16:08:49 +0000 (12:08 -0400)
committer	Dave Brolley <brolley@redhat.com>
	Tue, 5 May 2009 16:08:49 +0000 (12:08 -0400)