Re: Sealing the kernel

Jesse Pollard (pollard@tomcat.admin.navo.hpc.mil)
Wed, 27 Oct 1999 09:48:39 -0500 (CDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Bob Lorenzini: "Re: Odd motherboard problems with ASUS P5B"
Previous message: Theodore Y. Ts'o: "Re: serial.c (half duplex support)"
In reply to: Rob Schmaling: "IP Masq In 2.2.14pre1"

>In message <199910261928.OAA41544@tomcat.admin.navo.hpc.mil>, Jesse Pollard
>writes:
>+-----
>| >From: Aaron Sethman <androsyn@atomic-city.dev.powerize.com>
>| >On Tue, 26 Oct 1999, Dimitris Margaritis wrote:
>| >> Yes, John forgot to mention that we're assuming boot from a read-only
>| >> media such as a write-protected floppy or CD-ROM. We also assume
>| >> that the rc scripts, kernel, and all modules to be loaded at boot
>| >> time (before of course the sealing module) also reside on that medium.
>| >>
>| >> About your last point, yes, root can do a lot of nasty things, but by
>| >> sealing the kernel at least they are constrained to what's available
>| >> through kernel services. That may help presumably by disabling a lot
>| >> of stuff in the running kernel.
>| >Or even a better idea, compile the kernel without module support all
>| >together. Just hope that you don't have any of those blasted Plug and
>| >Pray devices.
>|
>| It would be better (in general) to remove root as a privileged user.
>+--->8
>
>You know, the more I read about this the more it sounds like capabilities
>--- which we have kernel-side, but have no userspace control for.
>
>Perhaps instead of reinventing the wheel, we should be figuring out how to
>use what we already have. (Or rather, how to make it usable.)

Capabilities are needed too. I want to be able to isolate one group of
users from even inadvertent disclosure of files to anyone outside the group.

That calls for compartmentalization.

I want to be able to prevent any user from being able to modify system
files (even root), yet be able to allow any user to be able to use them.

That calls for a multi-level security (at a minimum "syshigh" for shadow
password files and some configuration/log files; "syslow" for the password
file and standard utilities; and 0 for all user processes and user files).
-------------------------------------------------------------------------
Jesse I Pollard, II
Email: pollard@navo.hpc.mil

Any opinions expressed are solely my own.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Bob Lorenzini: "Re: Odd motherboard problems with ASUS P5B"
Previous message: Theodore Y. Ts'o: "Re: serial.c (half duplex support)"
In reply to: Rob Schmaling: "IP Masq In 2.2.14pre1"