Re: [OT] Re: keyboard driver of 2.6 kernel

From: Roberto Nibali
Date: Thu Jan 05 2006 - 07:45:07 EST


http://www.drugphish.ch/patches/ratz/bash/bash-3.0-fix_1439-3.diff

But http://ttyrpld.sourceforge.net/ looks indeed interesting, however no 2.4.x support from what I can see.

This can be very easily circumvented if you can execute another shell (for example your own version of bash without patch).

Everything can be circumvented, but that's hardly the point of what the patch tries to achieve. It is/was actually a requirement for financial institutes, governments and ISPs running Linux-based services to comply to the SOX and Basel II acts. Besides, ttyrpld can also be cirumvented on a normal Linux distribution without special countermeasures or policies regarding kernel module loading. It's just a tad bit harder to do.

The cited patch has auditing and trace facilities up to the point where no intended malicious actions happen. It's only there to log and not to prevent any kind of attack.

Some of our systems for example run a highly secured Linux distribution (Pitbull LX, SELinux, RSBAC, and partially other compartmentalized environments), but some of those enhanced security systems do not provide sufficient logging mechanisms to comply to those new acts.

The reason I mentioned my patch is that it's non-intrusive, and this helps in case of a security certification, and maybe also otherwise. YMMV.

Best regards,
Roberto Nibali, ratz
--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq' | dc
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/