On Mon, 21 Feb 2000, Andreas Gruenbacher wrote:
> It all depends on your risk evaluation. Once you gain physical access to a
> machine, there's no real protection anymore. If the goal is merely to protect
> the system from attacks over the network, switching to trusted mode before the
> network interfaces are initializes is perfectly safe.
>
not quite...
the problem is that for a period of time the computers will be operating
with a completely different security behaviour as compared to it's
normal operational behaviour. Assumptions/expections regarding security
may not be valid during boot-up, and that's a security risk.
i can't think of something specific, but i am not a security expert.
Perhaps someone can, especially considering that Trusted mode security
setups are often going to be multi-user boxes with legitimate but
potentially hostile interactive users.
IMO if the box boots in traditional unix security mode, then it can
not later be considered to be a trusted host.
Either it's installed as Trusted, and then always runs in Trusted mode,
or it's not a trusted setup. (not sure, but i think this a requirement
for many security certifications like C2 - ie singleuser/allprivs mode
is not allowed)
>
> Regards,
> Andreas
regards,
Paul Jakma.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Feb 23 2000 - 21:00:29 EST