Re: Sealing the kernel

Aaron Sethman (androsyn@atomic-city.dev.powerize.com)
Tue, 26 Oct 1999 13:50:22 -0400 (EDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Theodore Y. Ts'o: "Re: serial.c (half duplex support)"
Previous message: kuznet@ms2.inr.ac.ru: "Re: calling skb_queue_purge() causes oops when called from FreeS/WAN under 2.2.x"
Next in thread: Richard Guy Briggs: "Re: calling skb_queue_purge() causes oops when called from FreeS/WAN under 2.2.x"
Reply: Richard Guy Briggs: "Re: calling skb_queue_purge() causes oops when called from FreeS/WAN under 2.2.x"

You have a good idea...But what goes is it really when the person can just
go ahead a recompile a kernel...replace the current one and then cause the
system to "crash". Unless of course you are booting off of some sort of
read-only media(A write protected floppy comes to mind). Also, another
idea, backdoor insmod/modprobe so that your special module doesn't get
loaded again in the future. Its really impossible to protect the machine
from root. Sure you can keep them out of the kernel level stuff. But
what good is that really? The root user could still do nasty things to
your system regardless.

Aaron

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Theodore Y. Ts'o: "Re: serial.c (half duplex support)"
Previous message: kuznet@ms2.inr.ac.ru: "Re: calling skb_queue_purge() causes oops when called from FreeS/WAN under 2.2.x"
Next in thread: Richard Guy Briggs: "Re: calling skb_queue_purge() causes oops when called from FreeS/WAN under 2.2.x"
Reply: Richard Guy Briggs: "Re: calling skb_queue_purge() causes oops when called from FreeS/WAN under 2.2.x"