Re: Direct access to hardware

From: Ville Herva (vherva@mail.niksula.cs.hut.fi)
Date: Sat Jul 22 2000 - 16:44:24 EST


On Sat, Jul 22, 2000 at 09:49:23PM +0200, you [Peter Svensson] claimed:
> On Sat, 22 Jul 2000, Ville Herva wrote:
>
> > > > Of course, kernel module loading should be disabled as well (or made
> > > > available only via challenge-response authentication or something (*)).
> > >
> > > You can load all needed modules and then disable module loading with the
> > > same /proc/sys/kernel/cap-bound ...
> >
> > Good.
>
> Of course you need to keep your bootable medium protected, or at least the
> kernel. I think Linux implements the concept of immutable files but I may
> have the OSes mixed up.

Yes, there are immutable files. Anyhow, you might want to boot from CD-ROM
or similar, since those physically can't be written to.

> It is a usability vs. security issue. You can tighten security immensely
> through capabilities, but then you will have a much harder time as an
> administrator.

There is this guideline: "what you don't need, disable". Following this,
you might end up with a somewhat usable and somewhat secure system. In
this particular case, if you are running a firewall, you'd disable module
loading, raw I/O etc. so that a possible intruder can't physically harm the
box even if he gets in. This may mean half an hour vs. a couple of days'
downtime in your organisation's net access if you don't have a backup fw
box, but you have a backup of the fw software floppy (which you'd have to
update, since it has the same security problem as the original).

-- v --

v@iki.fi
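As an added illustration of the cap-bound approach discussed in the thread (example code, not part of the original messages): a POSIX shell script that, once the needed modules are loaded, clears CAP_SYS_MODULE and CAP_SYS_RAWIO from the system-wide capability bounding set by writing the reduced mask to /proc/sys/kernel/cap-bound. The capability numbers and the default mask are those of the 2.2/2.4-era kernels; that interface was removed in 2.6.25, so on a current kernel the script only reports that the file is absent.

```shell
#!/bin/sh
# Capability bit numbers, from <linux/capability.h>.
CAP_SETPCAP=8
CAP_SYS_MODULE=16
CAP_SYS_RAWIO=17

# Kernel default for cap-bound in 2.2/2.4: every bit set except CAP_SETPCAP,
# i.e. 0xFFFFFEFF read as a signed 32-bit integer.
CAP_BOUND_DEFAULT=-257

# drop_caps_mask MASK CAP... : print MASK with the given capability bits
# cleared. cap-bound is a signed int in which a set bit means that capability
# may still be used by any process on the system.
drop_caps_mask() {
    dcm_mask=$1; shift
    for dcm_cap in "$@"; do
        dcm_mask=$(( dcm_mask & ~(1 << dcm_cap) ))
    done
    echo "$dcm_mask"
}

# cap_in_mask MASK CAP : succeed (exit 0) if CAP's bit is still set in MASK.
cap_in_mask() {
    [ $(( $1 & (1 << $2) )) -ne 0 ]
}

# lock_down_cap_bound [FILE] : remove module loading and raw I/O from the
# bounding set for the rest of this boot. Only init may add bits back, so
# the change holds even for a later root shell. FILE defaults to the real
# procfs node; a regular file can be passed to exercise the logic offline.
lock_down_cap_bound() {
    lcb_file=${1:-/proc/sys/kernel/cap-bound}
    if [ ! -w "$lcb_file" ]; then
        echo "$lcb_file not writable (interface removed in 2.6.25)" >&2
        return 1
    fi
    read -r lcb_cur < "$lcb_file"
    lcb_new=$(drop_caps_mask "$lcb_cur" "$CAP_SYS_MODULE" "$CAP_SYS_RAWIO")
    echo "$lcb_new" > "$lcb_file"
    # Read back and confirm both bits are really gone.
    read -r lcb_cur < "$lcb_file"
    ! cap_in_mask "$lcb_cur" "$CAP_SYS_MODULE" &&
        ! cap_in_mask "$lcb_cur" "$CAP_SYS_RAWIO"
}
```

Run `lock_down_cap_bound` as the last step of the firewall box's boot scripts, after every module it needs has been loaded; from the default mask it writes -196865 (0xFFFCFEFF).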




This archive was generated by hypermail 2b29 : Sun Jul 23 2000 - 21:00:19 EST