On Sat, Jun 16, 2001 at 07:43:38PM +0200, Sjarn Valkhoff wrote:
> How feasible would it be to digitally sign kernel modules? Using a trusted
> local private key, a module could be signed at compile time. The kernel
> could be patched to disallow any unsigned modules from loading. I have no
> idea if this is technically possible, but Knark seems to be a persistent
> weakness in security measures such as Tripwire.

a solution you can use today is installing lcap and running at boot like so:

lcap CAP_SYS_MODULE CAP_SYS_RAWIO

which will disable module loading entirely as well as access to /dev/mem
(which can be just as dangerous as a kernel module and would bypass your
signed module thing nicely).

this way they would have to reboot your machine to reenable module loading.
i don't know about you, but a reboot not done by me gets VERY close scrutiny.

otoh you could also add CAP_SYS_BOOT to that list, then if they reboot init
will kill everything and the box will halt when the last initscript calls
/sbin/reboot ;-) (annoying if you like remote administration, you have to
hit the reset button after issuing shutdown -r now...)

--
Ethan Benson
http://www.alaska.net/~erbenson/
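A way to confirm after boot that the capabilities named in the message are really gone from the bounding set, as an added example that is not part of the original message or of lcap. It assumes the bounding set is readable from /proc/sys/kernel/cap-bound (signed decimal, 2.2/2.4 kernels) or from the CapBnd line of /proc/self/status (hex, later kernels); the function names and the --check switch are made up for this sketch.

```shell
#!/bin/sh
# Added example: report which of CAP_SYS_MODULE, CAP_SYS_RAWIO and
# CAP_SYS_BOOT are still present in a capability bounding-set mask.
# Bit numbers are the ones defined in <linux/capability.h>.

# cap_in_mask MASK BIT: succeeds if BIT is set in MASK.
# MASK may be hex (0x...) or signed decimal (e.g. -257).
cap_in_mask() {
    [ $(( ($1 >> $2) & 1 )) -eq 1 ]
}

# remaining_caps MASK: prints the names (space separated) of the three
# capabilities that are still in the mask; prints an empty line if none.
remaining_caps() {
    mask=$1
    out=""
    for pair in CAP_SYS_MODULE:16 CAP_SYS_RAWIO:17 CAP_SYS_BOOT:22; do
        name=${pair%%:*}
        bit=${pair##*:}
        if cap_in_mask "$mask" "$bit"; then
            out="$out $name"
        fi
    done
    echo "${out# }"
}

# read_bounding_set: prints the current mask in a form $(( )) accepts.
# Assumption: one of the two /proc locations below exists on this kernel.
read_bounding_set() {
    if [ -r /proc/sys/kernel/cap-bound ]; then
        cat /proc/sys/kernel/cap-bound            # system-wide, signed decimal
    else
        awk '/^CapBnd:/ { print "0x" $2 }' /proc/self/status   # per-process, hex
    fi
}

# Run as "sh capcheck.sh --check" (hypothetical file name) from a late
# init script; a non-empty list means the lcap call did not take effect.
if [ "${1:-}" = "--check" ]; then
    left=$(remaining_caps "$(read_bounding_set)")
    if [ -n "$left" ]; then
        echo "still in bounding set: $left"
        exit 1
    fi
    echo "module loading, raw I/O and reboot capabilities are all dropped"
fi
```

Leave CAP_SYS_BOOT out of the loop list if it is deliberately kept for remote reboots.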