Re: [PATCH] Read only syscall tables for x86_64 and i386

From: Alan Cox
Date: Fri Jul 01 2005 - 16:27:36 EST

Next message: Greg KH: "[PATCH] PCI: clean up dynamic pci id logic"
Previous message: Stephane Eranian: "2.6.12-mm2 perfmon2 patch and beta libpfm-3.2 available"
In reply to: Richard B. Johnson: "Re: [PATCH] Read only syscall tables for x86_64 and i386"
Next in thread: Richard B. Johnson: "Re: [PATCH] Read only syscall tables for x86_64 and i386"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Gwe, 2005-07-01 at 21:47, Richard B. Johnson wrote:
> After all modules are loaded, you (startup) loads a module that
> makes the module-loader stuff return -ENOSYS. Then, nobody can
> load any new modules. The running kernel is (more) secure.

Just use an SELinux policy like everyone else 8). You need to block more
otherwise I can load a module by hand through /dev/mem etc

Alan
--
" If knowledge does not have owners, then intellectual property
is a trap set by neo-liberalism." -- Hugo Chavez

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Greg KH: "[PATCH] PCI: clean up dynamic pci id logic"
Previous message: Stephane Eranian: "2.6.12-mm2 perfmon2 patch and beta libpfm-3.2 available"
In reply to: Richard B. Johnson: "Re: [PATCH] Read only syscall tables for x86_64 and i386"
Next in thread: Richard B. Johnson: "Re: [PATCH] Read only syscall tables for x86_64 and i386"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]