On Fri, 18 Jan 2002, Florian Weimer wrote:
> "Mr. James W. Laferriere" <babydr@baby-dragons.com> writes:
> > Hello Alan ,
> > On Mon, 14 Jan 2002, Alan Cox wrote:
> >> > 1. security, if you don't need any modules you can disable modules entirely
> >> > and then it's impossible to add a module without patching the kernel first
> >> > (the module load system calls aren't there)
> >> Urban legend.
> > I do not agree . Got proof ? Yes that is a valid question .
> http://www.phrack.org/phrack/58/p58-0x07
Thank you for the pointer . Fine you do not need to allow modules
in order for a hacker to insert their code . It is still another
thing to allow modules & not put & use signatures on them . AFAIK
Linux doesn't have a method to load encrypted & signed modules at
this time . Please , someone prove me wrong . I -personally-
like statically compiled kernels . The method being pushed forth
at present doesn't allow that , Unless I am completely mistaken
about what Alan & the rest have been discussing . Again PLEASE
someone prove me wrong about this also .
> Globally preloading a shared library in user space is almost as
> effective, BTW, unless your critical binaries are linked statically
> (which is unusual on most systems nowadays).
I can believe that 8-} . Statically or written to readonly media
or the drive hard set to readonly ;-) . I have followed most of
Alan's suggestions security concerns over the years & a few that
I thought of along the way . Which later I found had been being
done a lot longer than I would have thought . Tia , JimL
+------------------------------------------------------------------+
| James W. Laferriere | System Techniques | Give me VMS |
| Network Engineer | P.O. Box 854 | Give me Linux |
| babydr@baby-dragons.com | Coudersport PA 16915 | only on AXP |
+------------------------------------------------------------------+
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/