RE: own kernel vs debian kernel (was: ptrace exploit)
> What you say here may lead to confusion. A monolithic kernel doesn't give you added security toward a modular kernel. To > make the kernel a little bit more secure I'd use grsecurity (ie to prevent code injection, syscall hijacking and so on).
the linux kernel IS monolithic no matter if you enable loadable modules or not. if you
use modules, it doesn't change the basic structure of the kernel (it is monolithic by design). i think disabling modules on a secure machine is a good idea, but using grsecurity is strongly recommended.
___________________________________________
Gergely Trifonov mailto:gergely.trifonov@indweb.hu
System Administrator
IND - Interactive Net Design http://www.indweb.hu
Széchenyi u. 70. H - 3530 Miskolc Hungary
Phone: +36 46 505 106 Fax: +36 46 505 107
Mobile: +36 20 5199 114
!Please install IND CA Certificate as TRUSTED CA!
https://www.indweb.hu/IND.crt
-----Original Message-----
From: Filippo Carone [mailto:f.carone@fastwebnet.it]
Sent: Thursday, April 17, 2003 3:05 AM
To: debian-security@lists.debian.org
Subject: Re: own kernel vs debian kernel (was: ptrace exploit)
* Dale Amon (amon@vnl.com) ha scritto:
> I roll my own; nomodules for servers or secure machines, modules for
> non-secure workstations. Configure them to the specific minimum requirements
> of the particular use and not one option more.
What you say here may lead to confusion. A monolithic kernel doesn't give you added security toward a modular kernel. To make the kernel a little bit more secure I'd use grsecurity (ie to prevent code injection, syscall hijacking and so on).
Just use modules if you like them.
>
> Probably best recommendation is to build your own and make kpkg's.
>
IMHO that's a "Good Thing"(TM).
Cheers,
fc
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: