Re: Modular Kernel Security

Bernd Eckenfels (ecki@lina.inka.de)
Thu, 05 Aug 1999 02:36:28 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Steve Dodd: "Re: What's this?"
Previous message: Jean-Marc.Valin: "oops/crash probably scsi emulation"
Maybe in reply to: Secret Squirrel: "Modular Kernel Security"

In article <ce332fe2a75f0fd7e5bed08eab129332@anonymous> you wrote:
> As a first approach I was thinking generically of a matched set of kernel
> and modules, that recognize and work with only each other.

A good idea would be to allow loading/unloading of modules only for root...
oh way it is already the case...

> Since the only cryptographic process here would be signing, I don't think
> this would impact kernel distribution.

It wont help against root intruders. Unless the trust model inside the linux
kernels gets an additional "ring" you cant be safe about root users
compromising your system. Capabilities of course do help here.

Greetings
Bernd

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Steve Dodd: "Re: What's this?"
Previous message: Jean-Marc.Valin: "oops/crash probably scsi emulation"
Maybe in reply to: Secret Squirrel: "Modular Kernel Security"