Re: Future Linux devel. Kernels

From: Andi Kleen (ak@suse.de)
Date: Sun May 07 2000 - 12:56:26 EST


"Ron Van Dam" <rvandam@liwave.com> writes:

> Support data encryption for file systems with third-party loadable kernel
> modules.
> (make it real easy to Include the support for encryption without
> including actual encryption algorithms).

That is already implemented. You can load encryption modules into
the loop device, without ever recompiling your kernel. Check
the API in linux/loop.h.
Of course loopback is slow, but it works.

> Sharing devices over a network (not just disks with NBD, serial ports,
> sound cards, USB devices, etc)
> (Why buy multiple devices when I can share!)

Sounds like a user space problem. See vmware for an example.

> TCP intercept -- verifies TCP connections before passing on the
> connection to userland. To prevent DoS and Spoofed attacks.

Already implemented: SO_ATTACH_FILTER et al.
Even with the best filters you won't prevent DoS and spoofing though.

> Security integrity checking ( log if the system was booted with a
> different kernel, log when kernel modules are loaded)

User space/bootloader/external hardware problem (how can a kernel that has
been tampered with audit itself? -- to be really sure you need external
tamperproof hardware)

> Enable Kernel Module signatures so any foreign kernel modules will be
> refused. (to avoid Kernel Module hacking).

Not practical (unless you break the X server by disallowing /dev/kmem
and ioports access)

-Andi



