Subject: Re: verified executable kernel modification committed
To: grant beattie <grant@netbsd.org>
From: Brett Lymn <blymn@baesystems.com.au>
List: current-users
Date: 10/30/2002 11:52:01
On Wed, Oct 30, 2002 at 12:03:04PM +1100, grant beattie wrote:
>
> Are there alternative ways (already existing or not) to activate it? The
> securelevel scheme prevents it from being used effectively when options
> INSECURE is used. :(
>
That has implications. Part of the scheme relies on the fact that the
underlying disk cannot be manipulated behind the kernel's back. Part
of what the securelevel does is prevent access to the raw disk
devices, trying to nail a plank to the INSECURE kernel jelly is bound
to result in disappointment. Having said that, you do not need to
raise the securelevel, you will still get logging about fingerprint
mismatches and no fingerprints - it just will not make those fatal. I
am thinking about adding a flag to the fingerprints that will tell
verified exec that a fingerprint mismatch is always a bad thing, I was
going to do this for security critical files but this may give you
what you want but with some provisos... such as if someone gets root
they may be able to mess you around by manipulating the raw disk.
--
Brett Lymn