Thu Jun 3 18:06:02 EDT 2004
Roland C. Dowdeswell wrote:
>On 1086299387 seconds since the Beginning of the UNIX epoch
>Bob Ippolito wrote:
>>On Jun 3, 2004, at 5:34 PM, Roland C. Dowdeswell wrote:
>>>On 1086295432 seconds since the Beginning of the UNIX epoch
>>>Bob Ippolito wrote:
>>>>The security argument is kind of silly, because if that really was a
>>>>concern you could add a sysctl that lets you turn module loading off
>>>>(forever) at runtime. So you boot up, load your modules, and turn
>>>>module loading off. In practice, nobody really does this (as far as I
>>>>know) because only root can load kernel modules and root can do
>>>>whatever he wants anyway, whether or not the kernel is split into 1 or
>>>There are things that you do not want to allow even root to do
>>>without dropping into single user mode on the console. And you
>>>have to disable LKM loading in order to get there. E.g. on NetBSD
>>>in secure level > 0, root cannot grovel the PCI bus and directly
>>>access hardware, write to immutable files, etc.
>>Sure, but that is completely orthogonal to *having* LKM. It's very
>>easy to have a kill-switch sysctl that turns it off until the next
>Yes, of course. I was just pointing out that one of your assertions,
>``root can do whatever he wants anyway'' is not entirely accurate.
>I was not arguing that a switch to turn off LKM loading would not
>solve the issue, in fact that's how NetBSD deals with it. LKMs
>are not allowed to be loaded or unloaded in securelevel > 0.
how does setting the securelevel in NetBSD work? i'm not very familiar
with it :( Is this a boot time option, or kernel compiletime option?
I'd assume setting security levels ala sysctl would not be the best
thing. If someone get's root, then can alter sysctl parms. etc....
> Roland Dowdeswell http://www.Imrryr.ORG/~elric/
email: pete at nomadlogic.org
More information about the talk