[rsbac] About insmod - lkm
Josh Beagley
j.beagley at student.qut.edu.au
Tue Mar 4 18:40:24 MET 2003
> Amon Ott:
>
> I have one question:
> If root insmods a kernel module which has changed the
> implementation of some important syscall, such as open, read and write,
> how can we ensure the security of the kernel with RSBAC?
> Waiting for your reply.
> Thanks!
>
> G.F. Liu
> gfliu at redflag-linux.com
> 2003-03-04
>
RSBAC allows you to restrict which programs/users can insert modules, not
just use the program insmod, but disallow hooking the module into the
kernel. Additionally I think it would be possible to restrict which modules
could be loaded to a select few.
There is also another project named St. Jude, which stops trojan/rootkit
modules, but I was unsuccessful in getting it to compile, and was unable to
contact the author.