On Mon, 8 May 2000, Igmar Palsenberg wrote:
> BSDI also has a mode like this, the kernel secure levels. Basically means
> that some operations are disabled, and the only was to switch the level is
> from init 1 :-))
> The 'main' risk if someone gets in that he replaces system bins.. So the
> only way to detect this is a proper logging system, that cannot be
> modified without someone noticing.
This is something that can be handled with securelevels. Mark the system
binaries as immutable and the only way to change them is from singleuser.
However, iopl() still can be used to circumvent this, and as long as Linux
allows hardware access to user-level apps, you cannot make a system
secure.
> > > If the guy (girl) really know what he is doing he is able to wipe his
> > > traces..
Noone can escape a 9-dot printer on /dev/lp0.
> > Again: if /dev/kmem is readable on system :-)
> It is as root.. And it it is not as root, what's the use of /dev/kmem ?
Good question. What is its use? (Hint: I know how the accelerated X
servers work.)
Simon
-- PGP public key available from http://phobos.fs.tum.de/pgp/Simon.Richter.asc Fingerprint: 10 62 F6 F5 C0 5D 9E D8 47 05 1B 8A 22 E5 4E C1 Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Mon May 15 2000 - 21:00:11 EST