Anyway, what if we were to institute a system where a kernel module could be
digitally signed by assorted authorities as 'blessed?' (insert netrek
flashback here.) I know that this sounds a bit like the crap Micro$loth has
been puting in their browser lately, but sooner or later we are going to be
faced with a lot of naive users and a lot of nefarious kernel
hackers/crackers.
The idea seriously needs some hashing out, but thinking about this sort of
thing now might save us some headache later...
rOn
> -----Original Message-----
> From: Keith Owens [mailto:kaos@ocs.com.au]
> Sent: Tuesday, June 06, 2000 9:48 PM
> To: buddy@r43h85.res.gatech.edu
> Cc: linux-kernel@vger.rutgers.edu
> Subject: Re: 'lock' modules?
>
>
> On Tue, 6 Jun 2000 21:57:19 -0400 (EDT),
> buddy@foobar.resnet.gatech.edu wrote:
> >I was wondering if anyone has considered modifying the linux
> kernel such
> >that the modules may be 'locked'.
>
> Repeatedly. And the answer is always the same - "how can you tell the
> difference between a good and a bad root user?". root can build,
> change, load and unload modules, whether on this session or
> on the next
> reboot. There is no way to distinguish between an authorised
> root user
> and an "unauthorised" root user, a root by any other name has the same
> power.
>
>
> -
> To unsubscribe from this list: send the line "unsubscribe
> linux-kernel" in
> the body of a message to majordomo@vger.rutgers.edu
> Please read the FAQ at http://www.tux.org/lkml/
>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/