On Sat, Oct 16, 2010 at 01:17:47PM -0700, Paul Goyette wrote:
> On Sat, 16 Oct 2010, David Holland wrote:
>
>> > And also make the "blessed" directory itself immutable? :)
>>
>> As I recall the semantics of immutable are such that this isn't
>> necessary to protect modules that are present at boot
From: Thor Lancelot Simon
Subject: How to make module autoloading play nice with securelevel
To: "Paul Goyette"
Cc: "David Holland" , tech-kern@NetBSD.org,
tech-secur...@netbsd.org
Received: Saturday, October 16, 2010, 4:26 PM
On Sat, Oct 16, 2010 at 01:17:47PM -0700, Paul G
On Sat, Oct 16, 2010 at 07:56:22PM -0700, Gary Thorpe wrote:
>
> Would it be useful to use digital signatures with kernel modules and
> have the user decide which signatures are "trusted" (including the
> options of accepting any or unsigned modules [all])? Is it infeasible,
> too hard or not very
On Sun, Oct 17, 2010 at 08:09:24AM -0400, Thor Lancelot Simon wrote:
> On Sat, Oct 16, 2010 at 07:56:22PM -0700, Gary Thorpe wrote:
> >
> > Would it be useful to use digital signatures with kernel modules and
> > have the user decide which signatures are "trusted" (including the
> > options of acce
There is discussion about how to deal with securing access to module
contents via kobj_load_vfs(), which I won't repeat.
Let me ask two highlevel questions:
1) what class of systems care to enable securelevel, yet still
need to load some random set of modules after boot?
Are the
> "Thor" == Thor Lancelot Simon writes:
>> Would it be useful to use digital signatures with kernel modules
>> and have the user decide which signatures are "trusted"
>> (including the options of accepting any or unsigned modules
>> [all])? Is it infeasible, too hard or not ve
On Sun, 17 Oct 2010 21:34:09 -0400, Michael Richardson
wrote:
> Let me ask two highlevel questions:
> 1) what class of systems care to enable securelevel, yet still
>need to load some random set of modules after boot?
>Are they x86 desktops or multi-gigabit servers in the clou