Re: [linux-security] Malicious Linux modules (fwd)

Alex Belits (abelits@phobos.illtel.denver.co.us)
Fri, 10 Oct 1997 15:12:34 -0700 (PDT)


On Fri, 10 Oct 1997, Peter Benie wrote:

> Loading modules lets potentially untrustworthy code into your trusted
> environment so the modules need to be checked first. A possible approach
> is to use code signing so the kernel can check that the code really was
> compiled by you.

It will be a worthless waste of time:

1. If one is root, he can do everything and bypass everything.
2. If one isn't root he should not be able to modify kernel code.

A correct securelevel implementation should disable module
load/unload support for nonzero securelevel, and most likely render things
like PCMCIA support unusable, so it won't help much. A diagnostic floppy or
CD-ROM that boots its own kernel and checks files for changes will probably
be a much better solution, and if distributions provide it, problems
will be detected at the next reboot (people who have poor security on
their boxes are often the same people who reboot those boxes often, so it
won't take too long ;-)

--
Alex
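
The check the message proposes (boot a trusted kernel from separate media, then compare files against a known-good record) is sketched below as an added example; it is not part of the original message. It assumes the suspect root is mounted read-only, that the baseline manifest lives on the write-protected rescue medium, and that sha256sum is available. The function names and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline integrity check of kernel modules from a rescue boot.
# Assumed layout (not from the original post): modules live in ROOT/lib/modules.

# Print "hash  path" for every regular file under ROOT/lib/modules, sorted by path.
make_manifest() {
    ( cd "$1" && find lib/modules -type f -exec sha256sum {} + | sort -k 2 )
}

# Compare ROOT against BASELINE and print one finding per line.
# Returns 0 if identical, 1 if any file was changed, added or is missing.
check_manifest() {
    root=$1 baseline=$2
    current=$(mktemp) || return 2
    make_manifest "$root" > "$current"
    awk '
        { p = substr($0, 67) }                 # path follows 64 hex chars + 2 separators
        NR == FNR { base[p] = $1; next }       # first file read is the baseline
        { seen[p] = 1
          if (!(p in base))       print "ADDED   " p
          else if (base[p] != $1) print "CHANGED " p }
        END { for (p in base) if (!(p in seen)) print "MISSING " p }
    ' "$baseline" "$current" | sort > "$current.out"
    cat "$current.out"
    if [ -s "$current.out" ]; then rc=1; else rc=0; fi
    rm -f "$current" "$current.out"
    return $rc
}

# Constructed demo: a fake root tree, a baseline, then one tampered and one added module.
demo() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/root/lib/modules/2.0.30/net"
    echo "original ppp"  > "$d/root/lib/modules/2.0.30/net/ppp.o"
    echo "original slip" > "$d/root/lib/modules/2.0.30/net/slip.o"
    make_manifest "$d/root" > "$d/baseline"
    echo "tampered ppp" > "$d/root/lib/modules/2.0.30/net/ppp.o"
    echo "new module"   > "$d/root/lib/modules/2.0.30/net/extra.o"
    check_manifest "$d/root" "$d/baseline"; rc=$?
    rm -rf "$d"
    return $rc
}

demo || echo "differences found: do not boot this root until they are explained"
```

The comparison is only as trustworthy as the kernel and tools doing it, which is why it runs from the rescue medium's own copies rather than from binaries on the disk under inspection.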