Re: kernel module loading vs securelevel

To: Andrew Doran <ad%NetBSD.org@localhost>
Subject: Re: kernel module loading vs securelevel
From: Thor Lancelot Simon <tls%panix.com@localhost>
Date: Sat, 16 Oct 2010 16:39:46 -0400

On Sat, Oct 16, 2010 at 08:28:42PM +0000, Andrew Doran wrote:
> 
> I may be missing your point but there are other ways of sabotaging
> the securelvel mechanism without kernel modules available.  It doesn't
> seem like a new problem to me.  A more obvious way to be mischievous
> for sure but not new.

Generally speaking, the other ways require a reboot.  So this is worse
in what seems to me a relevant way.

I'm starting to think the simplest thing -- though it is not so simple! --
that lets people building systems where securelevel actually is used to
protect a TCB continue to do so, yet use kernel modules, is to record
which modules may be autoloaded at boot time, whether by content hash or
dev/ino (with the immutable requirement to ensure reuse does not screw
us up).  The latter seems like it _should_ be simpler but I bet in practice
the former really is.

Thor

References:
- Re: kernel module loading vs securelevel
  - From: Thor Lancelot Simon
- Re: kernel module loading vs securelevel
  - From: Izumi Tsutsui
- Re: kernel module loading vs securelevel
  - From: Thor Lancelot Simon
- Re: kernel module loading vs securelevel
  - From: Andrew Doran

Prev by Date: Re: kernel module loading vs securelevel
Next by Date: Re: kernel module loading vs securelevel
Previous by Thread: Re: kernel module loading vs securelevel
Next by Thread: Re: kernel module loading vs securelevel
Indexes:

Home | Main Index | Thread Index | Old Index