> A complete security mechanism, capable of defeating even a
> root attack, has GOT to be more complex than Linux can currently
> achieve. There's nothing new about this!
>
_That_ is quite obvious. IMHO, the best way out of this is to implement
ACLs so that we don't need root. No root-capable process on the system ->
no security problems caused by root. Easy, isn't it? ;-) ;-) ;-)
> However, one thing which could be done fairly easily would be to (a)
> protect init from all attacks, making it immune to ptrace, kill -9
> etc
Surprise -- that is already in the kernel.
> and (b) disable all direct kernel access (such as /dev/mem or
> loading new kernel modules) once securelev is sufficiently high.
>
True.
--
Movies keep getting more explicit; these days a "family film" is likely
to show you how to start one.
-- Sandy Teller
--
Matthias Urlichs \ XLink-POP Nürnberg | EMail: urlichs@smurf.noris.de
Schleiermacherstraße 12 \ Unix+Linux+Mac | Phone: ...please use email.
90491 Nürnberg (Germany) \ Consulting+Networking+Programming+etc'ing 42
PGP: 1B 89 E2 1C 43 EA 80 44 15 D2 29 CF C6 C7 E0 DE
Click <A HREF="http://smurf.noris.de/~smurf/finger">here</A>.