Re: Misc Fixes

Alan Cox (alan@cymru.net)
Thu, 11 Jul 1996 10:58:36 +0100 (BST)


> > Yes. Allowing module loads has to be blocked by securelevel
> This would make the use of kerneld impossible. I suggest to

Kerneld is not usable in a secure environment as is.

> - Mark the modules immutable using the immutable file attribute.

I can mark files immutable after the secure level is set. This therefore
doesn't work.

> - A mechanism that allows to limit loading of modules to certain programs:
> In case of kerneld require that its inode is also immutable and
> owned by root or kerneld must have been started before the securelevel
> was raised.

and its config files.

Just insisting a module loader was started before the securelevel was raised
would do the job I think.

Alan