Firewallers,
I'd like to get your comments on an idea I had for one of my
employers. I have a good deal of experience with linux kernel hacking
via some of the linux embedded projects I've worked on, and when the
security question came up for one of the new projects we're working on
I put this idea on the table. I'd like to hear all your comments with
regard to this idea, and whether you think it would be worthwhile.
The basics of it is that we would be hacking the initialization
sequence of the kernel, and building a proxy program into the kernel
itself. We are excluding the ability from the kernel to do dynamic
linking, and executing any program. We are statically linking all the
programs we need into the kernel, i.e. bringing up the ethernet cards,
and the proxy program itself. Probably some reporting tools as well,
such as top, mounting the needed removable drives for logging,
mounting the proc partition, etc. All of the configuration files
would be stored on a CDROM and booted off of that drive, and mounted
as root. The removable logging drives would likely be those 2.1 gig
drives you can pickup these days for next to nothing. There would be
two of them, and they would autoswitch on full, notify the console,
and there would be a basic menu system running in the console that
would open up the 'top' program, or a "switching" program that would
tell the proxy program to switch logging drives for retrieval.
I've already begun work on this, and it's really not all that
difficult based on my experience with the embedded device work. I
understand that many of you would question the feasability of this,
but I can assure you that that isn't a problem. The only thing that
I'm concerned about is whether or not this effort is in vain, i.e. is
this more secure than other solutions that have been cooked up. Are
there still potentials of security breaks beyond someone having
physical access to the box, and all that sort of stuff.
Thank You for your input,
Shane Nay
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
