[lug] newbie question - rc.sysinit
rm at mamma.varadinet.de
rm at mamma.varadinet.de
Sat Jul 14 06:25:00 MDT 2001
On Fri, Jul 13, 2001 at 05:14:31PM -0600, Chris Riddoch wrote:
> <snip>
>
> Having followed this, and a couple other threads for a while, the idea
> of having signatures on kernel modules sounds almost feasable, except
> for a couple problems...
>
> Someone with root access can look at any area of memory or the hard
> drive. The private key has to be kept somewhere... and the
> passphrase, too, if you expect modules to be able to autoload without
> the administrator sitting in front of the keyboard.
>
> Seems that the best way to really be secure about this would be to
> build a kernel *without* module support. Is anybody quite sure that
> this would completely remove the ability to add modules?
I actually use this as a policy for "highly exposed" machines.
For any kind of server outside a secured network i try very hard
to avoid loadable module support. Given the fact that most of these
boxes usually server e specific purpose i can live without modules.
> Even then, I suppose, the infinitely-capable adversary could
> binary-patch the kernel's area of memory while it's running. Heh.
Yes, indeed. Iff you need a box that's imune against such kinds of
attacks you might want tolook at NSAs version of Linux (i heard a
lot of possitive remarks about it lately).
Ralf
More information about the LUG
mailing list