On 20 Jan 1999, Kenneth Jacker wrote:
> But since "modules" run as part of the kernel, can't a (malicious)
> user essentially execute what they wish within their module code
> (e.g., change ownership of files, access restricted info, etc.)?
> Hopefully my fears are unwarranted.
>
The kernel owns the machine. Whether or not your fears are warranted
depends on your students. Suffice it to say that I would not allow kernel
hacking on a production system. Expect your students to wreck the machine
on which they're testing code. Allowing sudo access for insmod/rmmod will
only help those who might inadvertently cd /; \rm -rf * with full root
access, it won't really make the machine more secure.
Whether you need to disconnect from the network is another question. If
you are on a network which people expect to be private, then a disconnect
would be a good idea, especially if passwords on your net are passed in
plain-text (it is trivial to install a password sniffer and gather faculty
passwords). On the other hand, many campus nets are totally open, and if
students can boot the machine(s) from a floppy, they can sniff all they
want in any case (there are DOS as well as Linux sniffers that fit on a
single disk).
I would emphasize that students are expected to behave in a professional
manner. It is critical part of their training, in my opinion, especially
at the level at which your course is focused. Security problems will
undoubtedly confront them all in the future and it is probably useful for
them to understand the security implications of what they are doing. A
better understanding will not make them more dangerous, but more
legitimate and effective custodians of technology. (If they -and we- all
insist on buying only secure products what a wonderful world this will
be!)
And, in an ideal world, you could expel, or at least fail, those who abuse
their privileges.
Just my $0.02,
-Don
--- [rtl] ---
To unsubscribe:
echo "unsubscribe rtl" | mail [EMAIL PROTECTED] OR
echo "unsubscribe rtl <Your_email>" | mail [EMAIL PROTECTED]
----
For more information on Real-Time Linux see:
http://www.rtlinux.org/~rtlinux/
