[rsbac] secure module handling

Andreas Baetz rsbac@rsbac.org
Wed Sep 4 11:42:01 2002


To make sure that only trusted kernel modules are loaded,
I did the following (using RC and version 1.1.2):
- assigned /lib/modules to rc_type_fd modules
- assigned all binaries and libraries to rc_type_fd sysfiles
- all roles have read_only to sysfiles and modules
- created role module_admin
- assigned rc_force_role of /sbin/insmod to role module_admin
- removed add_to_kernel and remove_from_kernel 
  from all roles except module_admin
- removed all permissions to General_FD from
  role module_admin

Now insmod can only load modules from /lib/modules and
nobody can write there. The system works, but every time
modprobe, lsmod, rmmod or insmod are called, they try
to access /etc/ld.so.cache. This is not granted. The modules
get loaded and unloaded, though. Now I granted the role
module_admin read to this file, but the inode changes every time
ldconfig is run. But I don't want to grant read to /etc for that role,
because then root could create some module there and load it.

What do you think about my solution? Any comments?

Andreas Baetz

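A small Python model of the setup described in the message above, added here as an illustration; it is not RSBAC code and not part of the original post. It assumes that an RC file type is bound to an inode and that a file without its own type inherits the type of its parent directory; the names `ldcache`, `other`, `ok.o` and `untrusted.o` are hypothetical.

```python
# Simplified model of the RC setup in the post (constructed; not RSBAC code).
# Assumption: an FD type is bound to an inode, and a file without its own
# type inherits the type of its parent directory.
import itertools
import posixpath

GENERAL, MODULES, SYSFILES, LDCACHE = "General_FD", "modules", "sysfiles", "ldcache"
_next_inode = itertools.count(1)

class FS:
    def __init__(self):
        self.inode = {}    # path -> inode number
        self.fd_type = {}  # inode -> explicitly assigned rc_type_fd

    def create(self, path):
        """Create or replace a file; a replaced file gets a fresh inode."""
        self.inode[path] = next(_next_inode)

    def assign(self, path, fd_type):
        self.fd_type[self.inode[path]] = fd_type

    def type_of(self, path):
        while True:
            ino = self.inode.get(path)
            if ino in self.fd_type:
                return self.fd_type[ino]
            if path == "/":
                return GENERAL
            path = posixpath.dirname(path)

# role -> FD type -> rights; "other" stands in for every role except module_admin
FD_RIGHTS = {
    "module_admin": {MODULES: {"read"}, SYSFILES: {"read"}, LDCACHE: {"read"}},
    "other": {MODULES: {"read"}, SYSFILES: {"read"}, GENERAL: {"read", "write"}},
}
KERNEL_RIGHTS = {"module_admin": {"add_to_kernel", "remove_from_kernel"}, "other": set()}

def fd_allowed(fs, role, right, path):
    return right in FD_RIGHTS[role].get(fs.type_of(path), set())

def can_insmod(fs, role, module_path):
    return "add_to_kernel" in KERNEL_RIGHTS[role] and fd_allowed(fs, role, "read", module_path)

def build():
    fs = FS()
    for p in ("/", "/etc", "/etc/ld.so.cache", "/etc/untrusted.o", "/lib/modules", "/lib/modules/ok.o"):
        fs.create(p)
    fs.assign("/lib/modules", MODULES)
    fs.assign("/etc/ld.so.cache", LDCACHE)  # the per-file read grant from the post
    return fs
```

Calling `fs.create("/etc/ld.so.cache")` again on the result of `build()`, as happens when ldconfig replaces the file, makes `type_of` fall back to `General_FD`, so `module_admin` loses read access while modules outside /lib/modules stay unloadable.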