On Mon, Aug 21, 2000 at 06:54:03PM +0200, Julien Oster wrote:
> Hello,
>
> I wrote a module which adds a little security feature to the kernel: you can
> give the kernel MD5 sums of executables (say, /bin/ls), and each time the
> executable is executed, the sum is checked and if it's wrong, execution dies
> with EINVAL. you can also "lock" the complete configuration, so that changes
> to the list of MD5 sums, the settings or whatever else are impossible and you
> have to reboot to do so. and you can specify that the kernel only allows the
> execution of setuid root programs if they have their MD5 sum in kernel.
Cool, sounds a bit like what SubDomain does
<http://www.immunix.org/subdomain.html>, but then again SubDomain isn't
released yet either, for people to compare them :)
(disclosure, I was one of the minor developers of SubDomain)
> Now it is almost finished. Almost means, I could finish it today, but I don't
> feel like. So, if everything goes right, I'll finish it tommorrow or the day
> after.
>
> Is that something I could submit so that it gets included in the kernel? It's
> designed as a module, you don't have to patch the kernel (it hooks into
> various system calls) and I simply don't know, what should be included in the
> kernel package and what not.
Post the patch to the list, or a pointer to the patch if the patch is
relatively large. After getting some feedback, try submitting it to
whomever is the maintainer in the section(s) that you have modified, and
see what they say.
Looking forward to seeing your changes,
greg k-h
-- greg@(kroah|wirex).com - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Aug 23 2000 - 21:00:06 EST