Re: Feature request

• Previous message: Casey Schaufler: "Re: intercepting system calls"
• In reply to: Kurt Seifried: "Feature request"
• Next in thread: Greg KH: "Re: Feature request"
• Next in thread: Neil Bortnak: "Specifications (the beginning)"
• Reply: Greg KH: "Re: Feature request"
• Reply: Sandy Harris: "Re: Feature request"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Be bad: overwrite init_module in sys_call_table.  You can write a module
that'll do it.  I guess the trick is getting it to run regardless of what
people do to init.

But seriously, I would agree that a switch to turn off further
insertion of modules would be nice.  We have to make sure that our
generalized framework will allow for such.  Modules can be very powerful,
both for good and evil.


On Thu, 12 Apr 2001, Kurt Seifried wrote:

> You know something that would be nice is a kernel switch that disabled touching
> modules completely, i.e. you boot, load some modules (like subdomain module/etc)
> then flip a switch and you can't add or remove modules (sort of like a
> securelevel). Yeah, that'd definately be nice.
>
> Kurt Seifried
>
>
>
>
>
>
> _______________________________________________
> linux-security-module mailing list
> linux-security-moduleat_private
> http://mail.wirex.com/mailman/listinfo/linux-security-module
>


_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Greg KH: "Re: Feature request"
• Previous message: Casey Schaufler: "Re: intercepting system calls"
• In reply to: Kurt Seifried: "Feature request"
• Next in thread: Greg KH: "Re: Feature request"
• Next in thread: Neil Bortnak: "Specifications (the beginning)"
• Reply: Greg KH: "Re: Feature request"
• Reply: Sandy Harris: "Re: Feature request"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Apr 16 2001 - 10:31:54 PDT