Ultimately, I think sealing the kernel just makes _subtle_ "nasty things"
more difficult. System crashes from a hostile root are probably
unavoidable but what won't be possible is loading a 'stealth module' which
hides some set of processes and files from all user-land utilities without
crashing. If we can boot off a readonly media, this denial of subtle
nastiness can be extended across reboots.
I don't really fear random crackers who make their presence known
immediately. I tend to fear the ones who don't make their presence known.
The alternative is to build a kernel without module support and /dev/mem
disallowed. That's a bit awkward for some situations (do you really want
to compile a new kernel for every single different machine?) and just
won't work well for others (pcmcia without modules is impractical).
-John
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/