[nycbug-talk] kernels

Bob Ippolito bob
Thu Jun 3 18:41:55 EDT 2004


On Jun 3, 2004, at 6:01 PM, Roland C. Dowdeswell wrote:

> On 1086299387 seconds since the Beginning of the UNIX epoch
> Bob Ippolito wrote:
>>
>
>> On Jun 3, 2004, at 5:34 PM, Roland C. Dowdeswell wrote:
>>
>>> On 1086295432 seconds since the Beginning of the UNIX epoch
>>> Bob Ippolito wrote:
>>>>
>>>
>>>> The security argument is kind of silly, because if that really was a
>>>> concern you could add a sysctl that lets you turn module loading off
>>>> (forever) at runtime.  So you boot up, load your modules, and turn
>>>> module loading off.  In practice, nobody really does this (as far as I
>>>> know) because only root can load kernel modules and root can do
>>>> whatever he wants anyway, whether or not the kernel is split into 1 or
>>>> 1000 pieces.
>>>
>>> There are things that you do not want to allow even root to do
>>> without dropping into single user mode on the console.  And you
>>> have to disable LKM loading in order to get there.  E.g. on NetBSD
>>> in secure level > 0, root cannot grovel the PCI bus and directly
>>> access hardware, write to immutable files, etc.
>>
>> Sure, but that is completely orthogonal to *having* LKM.  It's very
>> easy to have a kill-switch sysctl that turns it off until the next
>> reboot.
>
> Yes, of course.  I was just pointing out that one of your assertions,
> ``root can do whatever he wants anyway'' is not entirely accurate.
> I was not arguing that a switch to turn off LKM loading would not
> solve the issue, in fact that's how NetBSD deals with it.  LKMs
> are not allowed to be loaded or unloaded in securelevel > 0.

Well, I know that root isn't ring 0, but you can do a whole lot of
nasty stuff like rewrite the boot loader and reboot, or read/write
memory in other processes, shut down the machine, wipe the partition
table, etc.  I'm not familiar enough with the implementation of the
*BSDs to know whether or not they try and disable any of these things
given an appropriate security setting.

-bob
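
An added example, not part of the original message: a POSIX shell check of whether module loading is locked until the next reboot, using the NetBSD `kern.securelevel` rule quoted in the thread. Assumptions not from the thread: FreeBSD applies the same `securelevel > 0` rule, Linux exposes a one-way `kernel.modules_disabled` switch, and all function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit whether kernel module loading is locked until reboot.

# sysctl_name_for OS -> prints the sysctl that governs module loading there.
sysctl_name_for() {
    case $1 in
        NetBSD|FreeBSD) echo kern.securelevel ;;        # FreeBSD: assumption
        Linux)          echo kernel.modules_disabled ;; # Linux: assumption
        *)              return 1 ;;
    esac
}

# classify_lkm_lock OS VALUE -> prints locked | open | unknown
classify_lkm_lock() {
    os=$1 value=$2
    # Empty or non-integer input (sysctl missing, read denied) is never "locked".
    case $value in
        ''|*[!0-9-]*|-|*?-*) echo unknown; return 0 ;;
    esac
    case $os in
        NetBSD|FreeBSD)
            # securelevel > 0: LKMs cannot be loaded or unloaded.
            if [ "$value" -gt 0 ]; then echo locked; else echo open; fi ;;
        Linux)
            # modules_disabled=1 stays set until the next reboot.
            if [ "$value" -eq 1 ]; then echo locked; else echo open; fi ;;
        *)  echo unknown ;;
    esac
}

# Live check on the current host; any failure degrades to "unknown".
lkm_lock_state() {
    os=$(uname -s)
    name=$(sysctl_name_for "$os") || { echo unknown; return 0; }
    value=$(sysctl -n "$name" 2>/dev/null) || value=
    classify_lkm_lock "$os" "$value"
}

printf 'module loading: %s\n' "$(lkm_lock_state)"
```
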