RE: immutable flag on ext2fs

Guest section DW (Fabian.Frederick@prov-liege.be)
Tue, 22 Jun 1999 14:57:39 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Niku Toivola: "Re: 2.2.10 won't boot w/o keyboard"
Previous message: Guest section DW: "Re: 2.2.10 won't boot w/o keyboard"

Another kind of security level would be to develop kswap alike
processes.
I mean exporting basic process activities in subsidiary kernel
processes.
By the way, I'm currently and _actively_ thinking of it....
What I wanna figure out by now is the way _user space_ allocations are
done
as kmalloc seems only dedicated for _kspace_ ones : /
Another dark question is the way requests would be made :
User->Kernel central or User->Specific Kprocess.

Any arguments for/against those microkernel concepts ?

Fabian

On Tue, 22 Jun 1999, Alan Cox wrote:

> Securelevel is supposed to be one way in all respects. So it disables
access
> to raw block devices, to mmap on /dev/*mem and all other known paths
root could
> use to change it indirectly back (eg ioperm/iopl)

The interesting statement (and the challenge) is the quote "all other
known paths". If any cunning people out there can think of other,
not-covered ways that root can subvert the kernel, please get in touch
with me, or Alan, or the list etc.

This work isn't relevant to just securelevel - it is vital for
capabilities too.

Chris

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel"
in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Niku Toivola: "Re: 2.2.10 won't boot w/o keyboard"
Previous message: Guest section DW: "Re: 2.2.10 won't boot w/o keyboard"