Re: /dev/nvram on my Celebris

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Stephane Belmon: "Re: [patch] Re: Timeout overflow in select()"
• Previous message: Walter Brisken: "GUS sound / SMP problem"
• In reply to: Benjamin Redelings I: "[2.1.130-3] Page cache DEFINATELY too persistant... feature?"
• Next in thread: Benjamin Redelings I: "Re: [2.1.130-3] Page cache DEFINATELY too persistant... feature?"

> However there's nothing
> to stop the attacker compiling a new kernel and rebooting into it unless you
> go to significant effort there too,

There is. Don't use lilo. Have a little DOS partition. Don't include
DOS support in the kernel. Use a little DOS bootmenu to start Linux.
But default to start DOS there. This prevents from having someone
run lilo on a new kernel and do a shutdown -r.

> and then it becomes a pain to quickly fix
> a kernel problem which suddenly comes up.

If you are on the console, you can still reboot and choose "Linux" from
the boot menu.

Did I miss sth?

ciao,
johnny

-- 
Trust no-one.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

• Next message: Stephane Belmon: "Re: [patch] Re: Timeout overflow in select()"
• Previous message: Walter Brisken: "GUS sound / SMP problem"
• In reply to: Benjamin Redelings I: "[2.1.130-3] Page cache DEFINATELY too persistant... feature?"
• Next in thread: Benjamin Redelings I: "Re: [2.1.130-3] Page cache DEFINATELY too persistant... feature?"