Re: Disabling module loading with a module?

Matthew Kirkwood (weejock@ferret.lmh.ox.ac.uk)
Tue, 17 Aug 1999 12:57:50 +0100 (GMT)


On Tue, 17 Aug 1999, fvw wrote:

> Recently there has been some discussion on BSDs securelevels

> Would it be possible to make a module for the linux kernel that mimics
> this, by disabling the loading of modules? Could a module trap the
> necessary system calls for inserting a module, and disable them? That
> way It could act as a sort seal that is loaded after all modules are
> loaded at startup.

It's even easier than that. 2.2.11 and 2.3.12 onwards have a(n almost)
monotonic bounding set for many privileged operations which the kernel
kernel restricts to root (specifically, the new capability stuff).

Put ~(1 << CAP_SYS_MODULE) (actually 4294901759) into
/proc/sys/kern/cap_bset to disable the usual kernel module mechanism.

Send ~(1 << CAP_SYS_RAWIO) (4294836223) in there to protect direct against
hardware access, and /dev/port, /dev/kmem, /dev/mem and (as of 2.3.14pre1)
/proc/kcore.

With these two disabled, there should be no way to modify the kernel.

(Interesting diversion: what about systems with swappable kernel code?
We'd have to deny access to block devices too, in that case.)

Matthew.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/