Linux Users' Group of Davis (LUGOD)
Page last updated:
2008 Aug 22 11:36

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] Linux file/module security proposal.

>>>>> On Fri, 22 Aug 2008 09:37:44 -0700, Bill Broadley <bill@cse.ucdavis.edu> said:

BB> I meant via root.  Does it work on your system by default?

Err...  Not actually sure.  I don't run SELinux by default since I have
a heavy development machine and it doesn't work perfectly (I'm a prime
example of someone who needs a better method for policy tweaking).

I suspect that there is a device I could write to that would let me
trump something in memory not assigned to the current process.  But I'm
not a heavy kernel hacker ;-)

BB> The signed modules has an implementation, and doesn't require the
BB> reboots.

I think I've come off too negative, btw.  I actually *do* want you to
succeed.  I was trying to point out all the things that need to be
thought about :-)  I do think they're all work-around-able.  They just
all need to be done.

One more thought: are you going to allow people to generate private keys
for loading privately compiled modules (preferably offline or on a
different system)?  IE, do you have any kernel modules loaded that
aren't distributed from your distro vendor?  Things like self-compiled
vmware, nvidia, etc drivers need to be signed...  If you only have a
distro key you've locked yourself out too (which is both good and bad).
"In the bathtub of history the truth is harder to hold than the soap,
 and much more difficult to find."  -- Terry Pratchett