About this list Date view Thread view Subject view Author view Attachment view

From: Mihai RUSU (dizzy_at_roedu.net)
Date: Thu 05 Dec 2002 - 13:05:45 GMT


Hi

For some time I thought that running kernels without module support is a
complete solution to kernel rootkits. That was wrong as there are some
other ways except modules: /dev/mem, DMA programming ...

I am willing to try this setup to protect agains kernel rootkits:
- have a _base_ system which has only elemental programs including vserver
tools
- have another / system (like /mnt/vserver) where I put files needed for a
server (daemons, sshd, system programs, development tools etc...)
- run a moduleless kernel with ctx support that after it boots it starts
another init in a different context having root in /mnt/vserver and
capbound to not: chroot, I/O direct access

Can that be done with vserver ? Is there a capability that sets the
permission to do I/O with the hardware directly ? If so can that be
"bounded" with vserver ?

Thanks

----------------------------
Mihai RUSU

Disclaimer: Any views or opinions presented within this e-mail are solely
those of the author and do not necessarily represent those of any company,
unless otherwise specifically stated.


About this list Date view Thread view Subject view Author view Attachment view
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Fri 13 Dec 2002 - 03:49:14 GMT by hypermail 2.1.3