tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: kernel module loading vs securelevel

On Sat, Oct 16, 2010 at 08:28:42PM +0000, Andrew Doran wrote:
> I may be missing your point but there are other ways of sabotaging
> the securelvel mechanism without kernel modules available.  It doesn't
> seem like a new problem to me.  A more obvious way to be mischievous
> for sure but not new.

Generally speaking, the other ways require a reboot.  So this is worse
in what seems to me a relevant way.

I'm starting to think the simplest thing -- though it is not so simple! --
that lets people building systems where securelevel actually is used to
protect a TCB continue to do so, yet use kernel modules, is to record
which modules may be autoloaded at boot time, whether by content hash or
dev/ino (with the immutable requirement to ensure reuse does not screw
us up).  The latter seems like it _should_ be simpler but I bet in practice
the former really is.


Home | Main Index | Thread Index | Old Index