[vox-tech] Linux file/module security proposal.
Alex Mandel
tech_dev at wildintellect.com
Thu Aug 21 12:40:30 PDT 2008
Wes Hardaker wrote:
>>>>>> On Thu, 21 Aug 2008 07:53:58 -0700, jim <jim at well.com> said:
>
> j> it would be important to partition the hard
> j> drive and load only the kernel, libraries,
> j> executables, and config files that were necessary
> j> to support the service.
>
> I think that's a great idea, but you really need to boot off of a
> non-writable device during the install process to ensure you're not
> running a messed-with kernel.
>
> (but a slew of USB key fobs that has a lock switch maybe :-)
I think you guys are starting to tread on the territory of virtual
appliances. Where you have JEOS (Just enough Operating System) for the
one function you need in a virtual machine. You can make canned images
to put up a new machine really quickly and migrate them about as needed.
This allows you to keep your real host OS off the radar and if the data
storage for the appliance is on another machine you could offload having
to reload that, or just rebuild it from backups but everything else
would be fresh.
Alex
More information about the vox-tech
mailing list