Re: ext2 attribute immutable

Cees de Groot (C.deGroot@inter.nl.net)
Tue, 02 Apr 1996 13:18:35 +0200


sct@dcs.ed.ac.uk said:
> However, one thing which could be done fairly easily would be to (a)
> protect init from all attacks, making it immune to ptrace, kill -9
> etc; and (b) disable all direct kernel access (such as /dev/mem or
> loading new kernel modules) once securelev is sufficiently high.

AFAIK, init should already be immune against any signals which are still
associated with the default action. If not, this would be an (IMHO) easy and
(IMNSHO) necessary patch (I gleaned over the kernel code, and I think this is
not yet there).

Would it be an idea to make securelev a set of flags? So you could flag that
ext2 attributes can't be changed, that modules can't be loaded, that
networking setup is frozen, etcetera, etcetera. I think you could identify a
number of subsystems which need their configuration frozen, but not
necessarily in a sequential order (like you implied with ``once securelev is
sufficiently high'').

-- 
Cees de Groot                                        <C.deGroot@inter.NL.net>
OpenLink Software, Inc.