l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
October 7: Social gathering
Next Installfest:
TBD
Latest News:
Aug. 18: Discounts to "Velocity" in NY; come to tonight's "Photography" talk
Page last updated:
2008 Aug 22 11:36

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] Linux file/module security proposal.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] Linux file/module security proposal.



Wes Hardaker wrote:
>>>>>> On Thu, 21 Aug 2008 18:32:29 -0700, Bill Broadley <bill@cse.ucdavis.edu> said:
> 
> BB> Does your distro/kernel allow writing to memory?
> 
> I meant protected even via root access...  But SElinux should provide
> this (I'm not an SELinux expert, mind you).

I meant via root.  Does it work on your system by default?

> BB> Not sure how you could prevent future loading of modules, or require
> BB> loading only from RO media.
> 
> You'd have to only allow loading from the RO media.  Anytime you wanted
> something new, you'd need to boot from something new.  It'd be a pain
> when you needed to change, of course.

I'm not against it in principal, I just don't see how it would be practical to 
implement.  The signed modules has an implementation, and doesn't require the 
reboots.  But does require a module to be signed private key.  So you can 
leave 100s of unused modules around and load them willy nilly, but still can't 
run a trojan module... all without having any exposure since the private key 
does not need to be on the system.
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Sunset Systems
Who graciously hosts our website & mailing lists!