On Mon, Jun 18, 2001 at 04:02:08AM -0300, Peter Cordes wrote:
>
> You need to keep it somewhere if you ever want to build more modules
> that that kernel will load. I don't know why I assumed it would be
> stored in the kernel image.
it could be a separate file, encrypted (like gpg private keys) and
even kept on a floppy somewhere.
> Hmm, if you compiled on a separate machine, or kept the key on a
> floppy, you could change the last step to "get all traces of
> the key off the 'secure' machine".
yup
> exactly. starting with the signing and IO protecting would be a very
> good start.
yup
> As for secure block devs, you could have the kernel drop the ability
> to write to certain partitions of certain disks, or something like
> that. Blocking writes to mounted partitions wouldn't help for
> partitions that can be unmounted and remounted easily. (writes to the
> whole-drive block devices would have to go through the same checks, or
> maybe even be blocked entirely if they fell within space allocated to
> a partition.) If this got done, the signing idea would kick ass.
> As it is, it's just pretty good...
what's annoying is BSD already has this, and has for quite some time.
at bootup of a standard Free, Net, or OpenBSD box the securelevel is
raised to 1, which denies root the ability to remove system immutable
flags; it also denies root the ability to write to raw block devices
for the mounted filesystems, but not to the whole disk device, so he
could still hack the filesystem, it's just a tad harder.
raising the securelevel to 2 denies access to all disk block devices,
whole and partitions mounted or not. (among other things like sealing
firewall rules and such).
iirc the 2.0 linux kernel had a securelevel which was about equivalent
to BSD securelevels. 2.2 removed it since `capabilities make
securelevel obsolete'. well, not quite, heh.
--
Ethan Benson
http://www.alaska.net/~erbenson/