Subject: Re: Where to put firmware?
To: Bill Squier <groo@old-ones.com>
From: Gary Thorpe <gathorpe79@yahoo.com>
List: tech-kern
Date: 08/23/2002 15:00:15
--- Bill Squier <groo@old-ones.com> wrote:
> On Fri, Aug 23, 2002 at 02:38:32PM -0400, Gary
> Thorpe wrote:
> > However, since root can acess kernel memory via
> > /dev/kmem, how can lkms be much less secure?
> Anyone
> > who has access to root and can load lkms can do
> > equally nasty things even without lkm.
> 
> man init
> /securelevel
> 
> -- 
> Bill Squier (groo@old-ones.com)                     
>     http://www.netbsd.org
> 
>         I know I don't deserve another chance, but
> this _is_ America,
>         and as an American, aren't I entitled to
> one?  --Sideshow Bob.

Then maybe securelevel should also restrict lkm usage?
Regardless, no one is forced to use lkms: I'm sure
there is a section in the kernel configuration to
DISABLE them just like many other parts of the kernel
can be left out. The argument just doesn't make any
sense: anyone who is that concerned about secuirty to
leave out lkms won't be affected by them, regardless
of what lkms are written etc.

However, since the kernel itself can be circumvented
at boot time by using single mode or boot media
besides the normal one, the securelevel still cannot
help you. 

______________________________________________________________________ 
Post your ad for free now! http://personals.yahoo.ca