> On Mon, 8 May 2000, Igmar Palsenberg wrote:
>
> > BSDI also has a mode like this, the kernel secure levels. Basically means
> > that some operations are disabled, and the only was to switch the level is
> > from init 1 :-))
>
> > The 'main' risk if someone gets in that he replaces system bins.. So the
> > only way to detect this is a proper logging system, that cannot be
> > modified without someone noticing.
>
> This is something that can be handled with securelevels. Mark the system
> binaries as immutable and the only way to change them is from singleuser.
> However, iopl() still can be used to circumvent this, and as long as Linux
> allows hardware access to user-level apps, you cannot make a system
> secure.
See my next post :-)
I think that directly accessing /dev/hd or sd should also fall under the
restricted operation..
However, I think this breaks programs such as dump
>
> > > > If the guy (girl) really know what he is doing he is able to wipe his
> > > > traces..
>
> Noone can escape a 9-dot printer on /dev/lp0.
My machine is about 100 miles away.. Also 500 9 pin matrix printer
violate some regulations I think :)
> Good question. What is its use? (Hint: I know how the accelerated X
> servers work.)
Directly accessing PCI memory I think in that case :)
> Simon
Igmar
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Mon May 15 2000 - 21:00:11 EST