On Fri, 19 Dec 2003 20:18, Henrique de Moraes Holschuh <[EMAIL PROTECTED]> wrote:
> On Fri, 19 Dec 2003, Russell Coker wrote:
> > In terms of LSM protection against this, if you use SE Linux then all
> > aspects of file access and module loading are controlled by the policy.
> > I am going to write a policy that implements something similar to BSD
> > secure levels so that you can put a server into a mode where all kmem and
> > module load access is disabled. That should be all you need.
>
> I think there is a LSM "BSD secure levels" module around (that has nothing
> to do with SE Linux), which should be much easier an install for those who
> want to play with BSD secure levels in Linux.

It has been floating around. AFAIK it was never released in a fully working form, and it definitely has not been included in the kernel.org kernel.

> Russell, do you know if there is any talk about changing the kernel itself
> so that it cannot write to its own exec pages? That would kill the stealth
> capabilities of _all_ kernel-changing rootkits but ones that change the
> on-disk kernel image or initrd image itself... (and having those on RO
> media is quite straightforward, anyway).

Smart-ass answer: It's called the HURD.

Serious answer: The kernel has to be able to manage all aspects of virtual memory, so protecting it from itself is impossible. If we went to some sort of HAL scheme similar to NT then we could do some of this (but it doesn't seem to do NT much good). If we went to a full micro-kernel then we could have only the micro-kernel itself being granted such access, but then it wouldn't be Linux any more.

SE Linux could be ported to the HURD. Much (most?) of the early work that SE Linux is based on was done on micro-kernelled OSs. I have no time to do the serious stuff (restricting which "ports" a process can use when communicating with other processes and the micro-kernel, or porting the security server to be a daemon/translator), but I can help with some of the testing and writing policy.

It should be possible to make SE HURD more secure than SE Linux. I am sure that the NSA people would be interested in such a project; I doubt that they would have any time to contribute to it, but I'm sure that they would give some good advice if asked.

--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page