[rsbac] About insmod - lkm
Amon Ott
ao at rsbac.org
Tue Mar 4 09:47:45 MET 2003
On Tuesday 04 March 2003 09:23, Áõ¸ï·Ç wrote:
> I have one question:
> If root insmod a kernel module which has changed the implement of some
important syscall,such as open, read and write, how can we ensure the
security of kernel with RSBAC?
We generally do not allow root's default role to insmod (ADD_TO_KERNEL).
Instead, insmod, modprobe, rmmod get a special RC role which has read access
only to controlled files, e.g. libraries and /lib/modules/*.
Additionally, raw access to kernel mem is denied by default, so you cannot
bypass the official module syscalls.
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
More information about the rsbac
mailing list