Peter Svensson wrote:
> The difference being that root _is_ allowed to crash the kernel. No, this
> is more a question of providing a "cooked" interface or not. I generally
> believe in cooked itnerfaces when they can abstract away differences in
> lower levels. However, given the possible damage caused by an error I can
> certainly understand if Linus chooses to include it.
Crashing the kernel and taking out the firmware are two entirely
different things.
> The discussion has not been so much whether this patch is a good idea as
> it has been about the claim that it is a security patch protecting from a
> malicious root.
Not a whole lot is going to protect against a malicious root, but then
again, protecting against a clueless root is a very good idea, the
growth of Linux depends on that sort of basic protection.
>From what I gather, the patch proposed by Andre essentially provides a
layer of protection against general attack on the hardware. Correct me
if I'm wrong, but this would defend against virii, trojans, and other
remote exploit code. It may not defend against a root user with direct
shell access, but a defense against remote attack is a good thing
regardless. A sound security stance is to default *deny* and require an
explicit allow from deliberate action by root. If someone needs to do
firmware updates have them create a boot floppy with the necessary code
and keep a less permissive kernel on the HD boot partition.
Not that my $0.02 counts much, but for what it's worth, I agree with
Andre.
John
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Jul 23 2000 - 21:00:15 EST