On Sat, Jun 16, 2001 at 07:43:38PM +0200, Sjarn Valkhoff wrote:
> How feasible would it be to digitally sign kernel modules? Using a trusted
> local private key, a module could be signed at compile time. The kernel
> could be patched to disallow any unsigned modules from loading. I have no
> idea if this is technically possible, but Knark seems to be a persistent
> weakness in security measures such as Tripwire.

a solution you can use today is installing lcap and running at boot
like so:

    lcap CAP_SYS_MODULE CAP_SYS_RAWIO

which will disable module loading entirely as well as access to
/dev/mem (which can be just as dangerous as a kernel module and would
bypass your signed module thing nicely).

this way they would have to reboot your machine to reenable module
loading. i don't know about you, but a reboot not done by me gets
VERY close scrutiny.

otoh you could also add CAP_SYS_BOOT to that list, then if they reboot
init will kill everything and the box will halt when the last
initscript calls /sbin/reboot ;-) (annoying if you like remote
administration, you have to hit the reset button after issuing
shutdown -r now...)

--
Ethan Benson
http://www.alaska.net/~erbenson/
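
A check for the setup described in the message above, as an added example that is not part of the original post or of lcap: it reports whether CAP_SYS_MODULE, CAP_SYS_RAWIO and CAP_SYS_BOOT are still in a process's capability bounding set. It assumes a current kernel, where the bounding set is per-process and shown as the CapBnd hex mask in /proc/PID/status; the function names and the `--check` argument are hypothetical.

```shell
#!/bin/sh
# Added example: verify that the capabilities named in the message are
# absent from the capability bounding set (CapBnd in /proc/PID/status).

# Bit numbers as defined in <linux/capability.h>.
cap_bit() {
    case "$1" in
        CAP_SYS_MODULE) echo 16 ;;
        CAP_SYS_RAWIO)  echo 17 ;;
        CAP_SYS_BOOT)   echo 22 ;;
        *) return 1 ;;
    esac
}

# cap_in_mask HEXMASK CAPNAME: exit 0 if the capability's bit is set.
cap_in_mask() {
    bit=$(cap_bit "$2") || return 2
    [ $(( (0x$1 >> $bit) & 1 )) -eq 1 ]
}

# bounding_mask STATUSFILE: print the CapBnd hex mask from a status file.
bounding_mask() {
    awk '$1 == "CapBnd:" { print $2 }' "${1:-/proc/self/status}"
}

# audit_bounding_set STATUSFILE: one line per capability;
# exit 0 only if all three have been dropped.
audit_bounding_set() {
    mask=$(bounding_mask "$1")
    [ -n "$mask" ] || { echo "no CapBnd line in $1" >&2; return 2; }
    rc=0
    for cap in CAP_SYS_MODULE CAP_SYS_RAWIO CAP_SYS_BOOT; do
        if cap_in_mask "$mask" "$cap"; then
            echo "$cap still in bounding set"
            rc=1
        else
            echo "$cap dropped"
        fi
    done
    return $rc
}

# Usage: sh script.sh --check [PID]   (defaults to the current process)
if [ "${1:-}" = "--check" ]; then
    audit_bounding_set "/proc/${2:-self}/status"
fi
```

Running it with `--check 1` audits init, whose bounding set is what processes started by the initscripts inherit.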