Andreas Gruenbacher wrote:
> > Either your installation is compatible with a trust kernel or it's not.
> > And if it is, then by booting up in non-trusted mode you leave a small
> > window where the system is at risk. And hence switching to trusted mode
> > would be meaningless.
--- Just a data point, but when I have trusted IRIX installed, there is no booting up in non-trusted mode. Capabilities are in effect even in single-user. To get non-trusted, I'd have to boot from some other media. If I wanted to secure that, I'd have to remove the floppy and CDROM and not allow network boots. I put a lock on the box to the table and lock the cover closed (most seem to have that option). Now I've secured that computer pretty much as I can -- yes, someone can come in with a crow-bar, but -- well, people can use explosives to get into a bank vault too.
It appears (I just installed "TRIX" for the first time only recently), that when you install the TRIX security option on top of a standard system, one of the things it does is set the capabilities for a bunch of system files -- which ones are trusted and which not, etc. Once you reboot, your basic CAPs are set and enforced when the new kernel comes up. Pretty spiffy!
-linda
This archive was generated by hypermail 2b29 : Wed Feb 23 2000 - 21:00:30 EST