[lug] Steganography (was: newbie question - rc.sysinit)

rm at mamma.varadinet.de
Mon Jul 16 10:17:03 MDT 2001


On Sat, Jul 14, 2001 at 12:50:12PM -0600, Chris Riddoch wrote:
[...]
> > There actually are good reasons for having this feature (at least for
> > high availability servers).
> 
> I suppose there could be, now that you mention high availability.  I
> hadn't thought of that.  I don't know which architecture it is that
> lets you do it, but something lets you hot-swap CPUs and run different
> OSes on different kernels - something of IBM's, I think.  I suppose, on
> those architectures, that you'd want to be able to load a kernel onto
> that CPU without rebooting the whole system.

IBM 390 is one of them.

> > Yup. A really nasty cracker could actually replace the bios with Linux!
> > (given that the hardware is supported by the Linux Bios Project ;-)
> 
> Oooo! I've never seen this project before! That looks really cool!
> I'm tempted to try it out, but the idea of hosing my BIOS from a bug
> or corrupted install isn't very appealing.

Come on, a little bit of risk here can't hurt ;-)
Well, we happen to have a flash burner here, so restoring a bios isn't that
hard. But booting up Linux in a few seconds is truly impressive.

> > > And here's my proposal: have a look at the "capabilities" attribute in
> > > the kernel.  It's rather Un-Unix-like, 
> > 
> > really? I thought BSD has supported capabilities for quite a while (same
> > with AIX if memory serves me right).
> 
> So it does.  I didn't realize this was as common as I just discovered...

Well, even the Linux kernel has supported it for quite a while. The problem
seems to be the userspace programs to take advantage of it. And, as always,
one has to measure the increased security with the higher complexity of
administration.

  Ralf


