[vox-tech] Linux file/module security proposal.
Wes Hardaker
wjhns156 at hardakers.net
Fri Aug 22 06:35:21 PDT 2008
>>>>> On Thu, 21 Aug 2008 18:32:29 -0700, Bill Broadley <bill at cse.ucdavis.edu> said:
BB> Does your distro/kernel allow writing to memory?
I meant protected even via root access... But SElinux should provide
this (I'm not an SELinux expert, mind you).
BB> Not sure how you could prevent future loading of modules, or require
BB> loading only from RO media.
You'd have to only allow loading from the RO media. Anytime you wanted
something new, you'd need to boot from something new. It'd be a pain
when you needed to change, of course.
--
"In the bathtub of history the truth is harder to hold than the soap,
and much more difficult to find." -- Terry Pratchett
More information about the vox-tech
mailing list