RE: Future Linux devel. Kernels

From: Igmar Palsenberg (
Date: Mon May 08 2000 - 09:53:41 EST

> On Mon, 8 May 2000, Igmar Palsenberg wrote:
> > BSDI also has a mode like this, the kernel secure levels. Basically means
> > that some operations are disabled, and the only was to switch the level is
> > from init 1 :-))
> > The 'main' risk if someone gets in that he replaces system bins.. So the
> > only way to detect this is a proper logging system, that cannot be
> > modified without someone noticing.
> This is something that can be handled with securelevels. Mark the system
> binaries as immutable and the only way to change them is from singleuser.
> However, iopl() still can be used to circumvent this, and as long as Linux
> allows hardware access to user-level apps, you cannot make a system
> secure.

See my next post :-)

I think that directly accessing /dev/hd or sd should also fall under the
restricted operation..

However, I think this breaks programs such as dump

> > > > If the guy (girl) really know what he is doing he is able to wipe his
> > > > traces..
> Noone can escape a 9-dot printer on /dev/lp0.

My machine is about 100 miles away.. Also 500 9 pin matrix printer
violate some regulations I think :)

> Good question. What is its use? (Hint: I know how the accelerated X
> servers work.)

Directly accessing PCI memory I think in that case :)

> Simon


To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
Please read the FAQ at

This archive was generated by hypermail 2b29 : Mon May 15 2000 - 21:00:11 EST