If you wanted to disable the ablity for someone to load a new kernel on
a system, have the system boot off of a physically read only media, like a
write protected floppy disk. Also one might want to get out the tool kit
and disable flashing the ROM BIOS. Yet another point is to disable any
ability to fiddle with the CMOS(nvram..or whatever you care to call it).
Also if they really, really wanted to cause problems they could setup some
program that gets run at boot to fondle /dev/kmem.
As for the idea of a kernel/key id system for loading modules who is to
say that if they have root access they couldn't just watch and see what
the authentication scheme does and repeat it for there evil module.
Then again if the system has been compromised then there is no real way to
tell if a backdoor has been put in vital system executables like
/sbin/init or /bin/sh. Unless of course...you have all of these goodies
stored on physically read-only media.
It would be interesting to find out if somebody is running a system with
all executables on read-only media and only data files and the like on
read-write media.
Aaron Sethman
Programmer / System Administrator
The Open Domain Server -- http://www.ods.org/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/