[rsbac] About insmod - lkm

刘革非 gfliu at redflag-linux.com
Thu Mar 6 09:39:22 MET 2003


Amon Ott:

That means: deprive root of the ADD_TO_KERNEL privilege by means of RC, and then protect /lib/modules/* from writing by MAC, with only read authorization for insmod, modprobe and rmmod to that directory by RC?
Does ADD_TO_KERNEL in RC take effect in rsbac 1.1.2, or does RSBAC change much in RC in 1.2?

======= 2003-03-04 09:47:00 In your letter you wrote: =======

>On Tuesday 04 March 2003 09:23, 刘革非 wrote:
>> I have one question:
>> If root insmods a kernel module which has changed the implementation of some important syscalls, such as open, read and write, how can we ensure the security of the kernel with RSBAC?
>
>We generally do not allow root's default role to insmod (ADD_TO_KERNEL). Instead, insmod, modprobe, rmmod get a special RC role which has read access only to controlled files, e.g. libraries and /lib/modules/*.
>
>Additionally, raw access to kernel mem is denied by default, so you cannot bypass the official module syscalls.
>
>Amon.
>--
>http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22

= = = = = = = = = = = = = = = = = = = =

Regards!

刘革非
gfliu at redflag-linux.com
2003-03-06
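As an added illustration, not RSBAC code or Amon's actual configuration, a toy Python model of the RC setup described in the quoted reply: root's default role is not compatible with ADD_TO_KERNEL, insmod gets a forced role that may load modules but can only read the controlled module tree and libraries, and raw kernel memory is denied to both. The role and type names, the file labelling and the helper functions are assumptions chosen for the example.

```python
from dataclasses import dataclass

ADD_TO_KERNEL, READ, WRITE, EXECUTE = "ADD_TO_KERNEL", "READ", "WRITE", "EXECUTE"

# Role -> target type -> requests the role is compatible with (toy RC tables,
# assumed for this example). "kernel" is the target of ADD_TO_KERNEL.
POLICY = {
    # root's default role: ordinary files as usual, read-only on the module
    # tree, no module loading and no raw kernel memory.
    "general": {"general_fd": {READ, WRITE, EXECUTE}, "modules": {READ},
                "module_tools": {READ, EXECUTE}, "kernel": set(), "kernel_mem": set()},
    # Role forced onto insmod/modprobe/rmmod: may load modules, but reads only
    # the controlled module tree and libraries; everything else is denied.
    "module_loader": {"modules": {READ}, "libraries": {READ},
                      "kernel": {ADD_TO_KERNEL}},
}

# Constructed sample labelling: path -> (RC type, forced role on exec or None)
FILES = {
    "/sbin/insmod": ("module_tools", "module_loader"),
    "/lib/modules/2.4.20/kernel/net/foo.o": ("modules", None),
    "/lib/libc.so.6": ("libraries", None),
    "/tmp/evil.o": ("general_fd", None),
    "/dev/kmem": ("kernel_mem", None),
}

@dataclass(frozen=True)
class Process:
    role: str

def allowed(role, target_type, request):
    """RC decision: the request must be in the role's compatibility set for the type."""
    return request in POLICY.get(role, {}).get(target_type, set())

def file_access(proc, path, request):
    ftype, _ = FILES[path]
    return allowed(proc.role, ftype, request)

def execve(proc, path):
    """Execute a program; a forced role on the file replaces the caller's role."""
    ftype, forced_role = FILES[path]
    if not allowed(proc.role, ftype, EXECUTE):
        raise PermissionError(f"{proc.role} may not execute {path}")
    return Process(forced_role or proc.role)

def load_module(proc, path):
    """insmod has to read the object file, then ask the kernel to add it."""
    return file_access(proc, path, READ) and allowed(proc.role, "kernel", ADD_TO_KERNEL)
```

Running `load_module` from a root shell fails on ADD_TO_KERNEL, while the same call after `execve` of /sbin/insmod succeeds only for objects under /lib/modules; a module placed in /tmp is unreadable to the loader role, and root cannot write into the module tree to plant one there.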