Hello,
I wrote a module which adds a little security feature to the kernel: you can
give the kernel MD5 sums of executables (say, /bin/ls), and each time the
executable is executed, the sum is checked and if it's wrong, execution dies
with EINVAL. you can also "lock" the complete configuration, so that changes
to the list of MD5 sums, the settings or whatever else are impossible and you
have to reboot to do so. and you can specify that the kernel only allows the
execution of setuid root programs if they have their MD5 sum in kernel.
Now it is almost finished. Almost means, I could finish it today, but I don't
feel like. So, if everything goes right, I'll finish it tommorrow or the day
after.
Is that something I could submit so that it gets included in the kernel? It's
designed as a module, you don't have to patch the kernel (it hooks into
various system calls) and I simply don't know, what should be included in the
kernel package and what not.
Device drivers for real devices all seem to go into the kernel package. But
things like BSD process accounting also do... however, I didn't look at it,
but I suspect that BSD process accounting need significant changes to the
kernel, and my module does not.
PCMCIA/CardBus32 was not included in the kernel for a long time. It seemed
to have a kind of "add on character", an autonomous package that can exist
separately. Now it's in, and I'm even more confused.
So, in which cases does Linus (and all others involved) decide wether
something is to be put in the kernel package or not? What's the philosophy?
Thanks,
Julien
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Aug 23 2000 - 21:00:04 EST