Re: [PATCH] BSD Secure Levels LSM

From: Martin Pool (mbp@private)
Date: Tue Nov 25 2003 - 22:04:35 PST

Next message: Serge E. Hallyn: "Re: [PATCH] BSD Secure Levels LSM"

Previous message: Chris Wright: "Re: [PATCH] BSD Secure Levels LSM"
Maybe in reply to: Michael A. Halcrow: "[PATCH] BSD Secure Levels LSM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> My personal preference is to implement a
> password-based seclvl reduction rather than to link it to an
> executable file (echo "abracadabra" > /sysfs/security/seclvl). Now
> that I think about it, this would be a great opportunity to use the
> MD5 code that's now in the kernel ;-). 

Or better yet, SHA-1.  The administrator could initialize the module
with just the hash, and avoid having the password on the machine at
all until they want to unlock it.  If they use a strong key and keep
it somewhere secure off the machine it should be very safe indeed.

-- 
Martin 
                               linux.conf.au -- Adelaide, January 2004

Next message: Serge E. Hallyn: "Re: [PATCH] BSD Secure Levels LSM"
Previous message: Chris Wright: "Re: [PATCH] BSD Secure Levels LSM"
Maybe in reply to: Michael A. Halcrow: "[PATCH] BSD Secure Levels LSM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Nov 25 2003 - 22:12:31 PST