On Fri, 2012-12-21 at 12:45 +0100, daniel curtis wrote: > Hi, > > You have written that the sysctl kernel.modules_disabled=1 option > is available. I know that, but with cryptographically signed modules > the kernel can check the signature and refuse to load any module > that can't be verified. Whether this sysctl option offers something > similar? It's even more secure! :-) > By writing, that symlink and hardlink restrictions are already > backported > and enabled by default in the Debian package, You mean a kernel > package, > right? Yes, the Debian package of the Linux kernel, that's what we talk about here... Ben. -- Ben Hutchings Make three consecutive correct guesses and you will be considered an expert.
Attachment:
signature.asc
Description: This is a digitally signed message part