Re: Sealing the kernel
Brandon S. Allbery KF8NH (allbery@kf8nh.apk.net)
Tue, 26 Oct 1999 19:43:59 -0400
In message <199910261928.OAA41544@tomcat.admin.navo.hpc.mil>, Jesse Pollard
wri
tes:
+-----
| >From: Aaron Sethman <androsyn@atomic-city.dev.powerize.com>
| >On Tue, 26 Oct 1999, Dimitris Margaritis wrote:
| >> Yes, John forgot to mention that we're assuming boot from a read-only
| >> media such as a write-protected floppy or CD-ROM. We also assume
| >> that the rc scripts, kernel, and all modules to be loaded at boot
| >> time (before of course the sealing module) also reside on that medium.
| >>
| >> About your last point, yes, root can do a lot of nasty things, but by
| >> sealing the kernel at least they are constrained to what's available
| >> through kernel services. That may help presumably by disabling a lot
| >> of stuff in the running kernel.
| >Or even a better idea, compile the kernel without module support all
| >together. Just hope that you don't have any of those blasted Plug and
| >Pray devices.
|
| It would be better (in general) to remove root as a privileged user.
+--->8
You know, the more I read about this the more it sounds like capabilities
--- which we have kernel-side, but have no userspace control for.
Perhaps instead of reinventing the wheel, we should be figuring out how to
use what we already have. (Or rather, how to make it usable.)
--
brandon s. allbery os/2,linux,solaris,perl allbery@kf8nh.apk.net
system administrator kthkrb,heimdal,gnome,rt allbery@ece.cmu.edu
carnegie mellon / electrical and computer engineering kf8nh
We are Linux. Resistance is an indication that you missed the point.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/