Subject: Re: new lkm stuff ?
To: Kevin P. Neal <firstname.lastname@example.org>
From: Peter Svensson <email@example.com>
Date: 08/24/1996 11:38:18
> The idea of Linux loading/unloading kernel modules on the fly in a running
> system bothers me, and strikes me as a hell of a security hole if an
> intruder gains the ability to write to the root filesystem. Let's not go
> that route, please.
Actually, the idea is not so bad. If securelevel is set no modules should be
allowed to be loaded, and you either compile the thing in, or load it at
boot-time. If, on the other hand, securelevel is not set to a secure level,
and module loads are allowed, automagically loading and unloading modules
would not be so bad.
The talk about an indruder being able to write to the root disk doesn't buy
you much, if he can write to the root fs, he can just insert a new kernel and
wait for a reboot.
My sleep-deprived idea: load a list of allowed modules into the kernel att
boot-time, and mark those modules as immutable. Afterwards, only modules from
the "allowed list" can be loaded. Since the immutable flag is set, the modules
should be as safe as the kernel itself (provided the securelevel is
appropriatly set, of course).