Subject: Re: LKM's shouldn't be allowed to be loaded in multiuser mode.
To: None <tech-kern@NetBSD.ORG>
From: Christoph Badura <firstname.lastname@example.org>
Date: 03/23/1995 17:58:00
>I believe that in a secure environment you should make the kernel and the
>/etc/rc* files immutable, so even if a bad guy does get root they can't modify
Also /.profile has to be immutable.
Also any programs/scripts executed from the rc-scripts and any files
that affect the behaviour of these scripts should probably made
>Unfortunately, that does make it so you have to go to single
>user to modify these files, which can be a drag at times.
That seems to be the price one has to pay for security.
Christoph Badura email@example.com +49 721 606137
Es genuegt nicht, keine Gedanken zu haben;
man muss auch unfaehig sein, sie auszudruecken. - Karl Kraus