"Titus D. Winters" wrote:

> But seriously, I would agree that a switch to turn off further
> insertion of modules would be nice. We have to make sure that our
> generalized framework will allow for such. Modules can be very powerful,
> both for good and evil.
>
> On Thu, 12 Apr 2001, Kurt Seifried wrote:
>
> > You know something that would be nice is a kernel switch that disabled touching
> > modules completely, i.e. you boot, load some modules (like subdomain module/etc)
> > then flip a switch and you can't add or remove modules (sort of like a
> > securelevel).

Yeah, that'd definitely be nice.

> >
> > Kurt Seifried

In general, the security mechanisms I see as most promising are
unidirectional moves:

    once it goes multi-user, you cannot change immutable files
    once a capability is dropped, ...
    once you've done chroot(2), ...
    once the process drops root privilege, ...

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Apr 16 2001 - 10:40:22 PDT