Re: signing a filesystem

Andrew G. Morgan (morgan@parc.power.net)
Sat, 28 Dec 1996 07:43:51 -0800 (PST)


bofh@snoopy.virtual.net.au wrote:
> /proc/cmdline is not the issue IMHO. I could hack /proc/cmdline out of
> there in 5 minutes, or the sys-admin could leave /proc unmounted (or mount it
> as ~root/proc and have /proc be a symlink). The issue is that the kernel gets
> a command line from somewhere and the hacker could get it from the same place.
> If the boot loader can get the kernel command line from a hard drive or floppy
> drive then a hacker with physical access to the machine can get it in the same
> fashion. Let's face it, boot loaders are pretty stupid but the same can't be
> said for all potential hackers!

Fair point. What about a kernel image booted from write protected media (a
floppy or CD) that is removed from the machine after booting? Such a kernel
could be compiled with the secret filesystem key built in. :^)

> >At this stage, I'm interested mostly in people's comments. I'm becoming
> >fascinated by what it would take to make Linux conform to Orange-Book Class B
> >security. This modification to the filesystem would be relevant to getting it
> >over C1 (sub-paragraph 2.1.3.1.1!)
>
> Sounds great!
>
> If there is a good copy of these security standards on the net could you
> please give me the URL? Otherwise could you please provide a brief summary of
> the important points?

OK! A little bit of over-enthusiasm in the morning; take a look at

http://parc.power.net/morgan/Orange-Linux/index.html

Best wishes

Andrew

-- 
        Linux-PAM: http://parc.power.net/morgan/Linux-PAM/index.html
          libpwdb: http://parc.power.net/morgan/libpwdb/index.html
       [ For those that prefer FTP  ---  ftp://ftp.lalug.org/morgan ]
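To make the "secret filesystem key built into the kernel" idea above concrete, here is an added illustration (not code from this thread, Linux-PAM or libpwdb) of what such a kernel would actually do with that key: compute a keyed tag (HMAC-SHA256) over every file's path and contents at signing time, and at boot recompute the tags and refuse to trust any file whose tag no longer matches. The sample files, the key value and the function names are all constructed for this example; in the scenario Andrew describes the key would be compiled into a kernel image on write-protected removable media rather than sitting in a Python constant.

```python
import hmac
import hashlib

# Constructed stand-in for a filesystem: path -> file contents.
SAMPLE_FS = {
    "/bin/login": b"ELF... login binary (constructed)",
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/sh\n",
    "/sbin/init": b"ELF... init binary (constructed)",
}

# Constructed placeholder for the secret that, in the thread's scenario,
# would be built into the kernel image rather than read from /proc/cmdline.
KEY = b"example-filesystem-key-not-a-real-secret"


def file_tag(key, path, data):
    """Keyed tag over path, length and contents.

    Binding the path means a validly tagged file cannot simply be copied
    over a different, more sensitive one and still verify."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    h.update(path.encode())
    h.update(b"\0")
    h.update(len(data).to_bytes(8, "big"))
    h.update(data)
    return h.hexdigest()


def build_manifest(key, fs):
    """Signing step: tag every file with the secret key."""
    return {path: file_tag(key, path, data) for path, data in fs.items()}


def verify(key, fs, manifest):
    """Boot-time check: return the sorted list of paths that fail.

    A file missing from the filesystem or absent from the manifest is
    reported as a failure, so deleting or adding files is noticed too."""
    bad = []
    for path in set(fs) | set(manifest):
        if path not in fs or path not in manifest:
            bad.append(path)
            continue
        actual = file_tag(key, path, fs[path])
        # Constant-time comparison of the stored and recomputed tags.
        if not hmac.compare_digest(manifest[path], actual):
            bad.append(path)
    return sorted(bad)


def demo():
    """Returns (clean_result, tamper_result, forged_manifest_result)."""
    manifest = build_manifest(KEY, SAMPLE_FS)

    # Untouched filesystem: nothing fails.
    clean = verify(KEY, SAMPLE_FS, manifest)

    # One binary replaced after signing: exactly that path fails.
    tampered = dict(SAMPLE_FS)
    tampered["/bin/login"] = b"ELF... replaced login binary (constructed)"
    detected = verify(KEY, tampered, manifest)

    # A manifest rebuilt without the real key does not verify at all,
    # which is why the key must never be recoverable from the booted system.
    forged = build_manifest(b"wrong-key-guess", tampered)
    forged_fails = verify(KEY, tampered, forged)
    return clean, detected, forged_fails


if __name__ == "__main__":
    print(demo())
```

The point the example makes is the one bofh raises: the whole scheme stands or falls on where KEY lives. Keyed tags let the kernel detect any change to the files it checks, but only as long as the key itself is not readable from the running system, hence the suggestion of a kernel on removable, write-protected media.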