[nycbug-talk] kernels
Bob Ippolito
bob
Thu Jun 3 18:41:55 EDT 2004
On Jun 3, 2004, at 6:01 PM, Roland C. Dowdeswell wrote:
> On 1086299387 seconds since the Beginning of the UNIX epoch
> Bob Ippolito wrote:
>>
>
>> On Jun 3, 2004, at 5:34 PM, Roland C. Dowdeswell wrote:
>>
>>> On 1086295432 seconds since the Beginning of the UNIX epoch
>>> Bob Ippolito wrote:
>>>>
>>>
>>>> The security argument is kind of silly, because if that really was a
>>>> concern you could add a sysctl that lets you turn module loading off
>>>> (forever) at runtime. So you boot up, load your modules, and turn
>>>> module loading off. In practice, nobody really does this (as far as I
>>>> know) because only root can load kernel modules and root can do
>>>> whatever he wants anyway, whether or not the kernel is split into 1 or
>>>> 1000 pieces.
>>>
>>> There are things that you do not want to allow even root to do
>>> without dropping into single user mode on the console. And you
>>> have to disable LKM loading in order to get there. E.g. on NetBSD
>>> in secure level > 0, root cannot grovel the PCI bus and directly
>>> access hardware, write to immutable files, etc.
>>
>> Sure, but that is completely orthogonal to *having* LKM. It's very
>> easy to have a kill-switch sysctl that turns it off until the next
>> reboot.
>
> Yes, of course. I was just pointing out that one of your assertions,
> ``root can do whatever he wants anyway'' is not entirely accurate.
> I was not arguing that a switch to turn off LKM loading would not
> solve the issue, in fact that's how NetBSD deals with it. LKMs
> are not allowed to be loaded or unloaded in securelevel > 0.
Well, I know that root isn't ring 0, but you can do a whole lot of
nasty stuff like rewrite the boot loader and reboot, or read/write
memory in other processes, shut down the machine, wipe the partition
table, etc. I'm not familiar enough with the implementation of the
*BSDs to know whether or not they try and disable any of these things
given an appropriate security setting.
-bob