Re: Security patches

On Fri, 19 Dec 2003, Russell Coker wrote:
> In terms of LSM protection against this, if you use SE Linux then all aspects 
> of file access and module loading are controlled by the policy.  I am going 
> to write a policy that implements something similar to BSD secure levels so 
> that you can put a server into a mode where all kmem and module load access 
> is disabled.  That should be all you need.

I think there is an LSM "BSD secure levels" module around (that has nothing
to do with SE Linux), which should be a much easier install for those who
want to play with BSD secure levels in Linux.

Russell, do you know if there is any talk about changing the kernel itself so
that it cannot write to its own exec pages?  That would kill the stealth
capabilities of _all_ kernel-changing rootkits but ones that change the
on-disk kernel image or initrd image itself...  (and having those on RO
media is quite straightforward, anyway).

  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh