Re: Proposal "LUID"

From: Jesse Pollard (pollard@tomcat.admin.navo.hpc.mil)
Date: Tue Apr 18 2000 - 07:36:44 EST


> Austin Schutz writes the following:
> >> Imagine the credit card database so that neither root nor http could access
> >> it except through a secured program that neither could write to, etc.
> >> Great fun...
> >
> > Sounds nice. Interesting to see how it gets implemented.
>
> I always wonder what the procedure is for upgrading the kernel on these
> hyper-secure machines. Whoever has permission to do that can do anything he
> wants.
>
> "Root is God" is not just unix tradition, it's an inevitable reality. And if
> what they want is a system on which administration must be done at the
> console, take windoze... please. We don't want it.

It really isn't that hard -

1. Ensure trusted communication from a user (I use ssh) from a trusted
   workstation (this is the hard part :-).
2. Log in as yourself on the system being administered (audit event here)
3. request higher privilege access (another audit event); it can even be
   denied if I'm not coming from a trusted workstation.
4. perform the administrative function (more audit events)
5. log out.

Upgrading the kernel:

1. Should never be done on the host to be updated.
2. Set up and test the new kernel on a different system (best), or (not so good)
   set up and test the new kernel on a different system disk, with the
   production system off-line (including production data...)
3. Perform more testing with prototype production data, and production code.
4. If all tests/audit trails pass, then boot the new kernel with the
   production application and data.

Not significantly different from any other upgrade, when done carefully.
Yes, the boot testing does require the console. It always did.
-------------------------------------------------------------------------
Jesse I Pollard, II
Email: pollard@navo.hpc.mil

Any opinions expressed are solely my own.
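One way to implement steps 1-3 of the administrative procedure above, as an added example that is not from this message or from the LUID proposal: a POSIX shell gate that lets a privilege-elevation request proceed only when the session arrived over ssh from a trusted workstation, and writes an audit event for every decision, denials included. The trusted-workstation addresses, the log tag and the function names are assumptions for this example.

```shell
#!/bin/sh
# Added example (not from the original message): a gate meant to be invoked
# as a wrapper around privilege elevation (e.g. from a sudo/doas command
# alias or a helper called from the login path). Addresses below are
# RFC 5737 documentation ranges, constructed for this example.

TRUSTED_WORKSTATIONS="${TRUSTED_WORKSTATIONS:-192.0.2.10 192.0.2.11}"  # assumed
AUDIT_TAG="${AUDIT_TAG:-privesc-gate}"                                  # assumed

# Emit an audit event. logger(1) delivers it to syslog when available;
# otherwise the event goes to stderr so the trail is never silently lost.
audit_event() {
    logger -t "$AUDIT_TAG" -p auth.notice -- "$*" 2>/dev/null \
        || printf '%s: %s\n' "$AUDIT_TAG" "$*" >&2
}

# Origin address of the current ssh session, or empty when not over ssh.
# sshd sets SSH_CONNECTION to "client_ip client_port server_ip server_port".
ssh_origin() {
    printf '%s' "${SSH_CONNECTION-}" | cut -d ' ' -f 1
}

# Return 0 when the elevation request may proceed, 1 otherwise.
# Every path records an event, so a denied attempt is visible in the trail.
check_trusted_origin() {
    origin=$(ssh_origin)
    requester="${SUDO_USER:-${USER:-unknown}}"
    if [ -z "$origin" ]; then
        audit_event "DENY user=$requester reason=not-an-ssh-session"
        return 1
    fi
    for host in $TRUSTED_WORKSTATIONS; do
        if [ "$host" = "$origin" ]; then
            audit_event "ALLOW user=$requester origin=$origin"
            return 0
        fi
    done
    audit_event "DENY user=$requester origin=$origin reason=untrusted-workstation"
    return 1
}
```

Sourcing the file and calling `check_trusted_origin` before the elevated command gives step 3 its audit event and its "denied when not from a trusted workstation" behaviour; step 4's events come from the elevated program itself.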

This archive was generated by hypermail 2b29 : Sun Apr 23 2000 - 21:00:13 EST