Modular Kernel Security

Secret Squirrel (secret_squirrel@nym.alias.net)
4 Aug 1999 18:48:40 -0000

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Andre M. Hedrick: "Re: Harddrive lockup"
Previous message: Andre M. Hedrick: "OFF the List for a while. (IDE-answers)"
Next in thread: Bernd Eckenfels: "Re: Modular Kernel Security"
Maybe reply: Bernd Eckenfels: "Re: Modular Kernel Security"

I was just browsing some recent issues of Phrack and noticed a developing
fascination therein with the potential vulnerabilities of modular kernels,
which I would not be concerned much about if I were able to sucessfully
compile a completely non modular kernel. Which i can't- something always
craps out, but works OK in modular form. And, no modules seems to mean no
compression for slip/ppp,no encryption, etc. etc.

Since the cracker/hacker community is actively drooling over this route
to undermining security, isn't the time ripe to add some superior facilities
to control kernel-module loading and authenticate modules ?

As a first approach I was thinking generically of a matched set of kernel
and modules, that recognize and work with only each other.

Since the only cryptographic process here would be signing, I don't think
this would impact kernel distribution.

Naturally, there are other issues with modules that need to be
addressed....better to do so now before tools begin to appear.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andre M. Hedrick: "Re: Harddrive lockup"
Previous message: Andre M. Hedrick: "OFF the List for a while. (IDE-answers)"
Next in thread: Bernd Eckenfels: "Re: Modular Kernel Security"
Maybe reply: Bernd Eckenfels: "Re: Modular Kernel Security"