[EMAIL PROTECTED] wrote:
>
> Firewallers,
>
> I'd like to get your comments on an idea I had for one of my
> employers. I have a good deal of experience with linux kernel hacking
> via some of the linux embedded projects I've worked on, and when the
> security question came up for one of the new projects we're working on
> I put this idea on the table. I'd like to hear all your comments with
> regard to this idea, and whether you think it would be worthwhile.
>
> The basics of it is that we would be hacking the initialization
> sequence of the kernel, and building a proxy program into the kernel
> itself. We are excluding the ability from the kernel to do dynamic
> linking, and executing any program. We are statically linking all the

Sounds like you are putting together a pretty tight bastion proxy.
But even if this is more secure than a tightened distro, which seems
like it could NOT be since you are creating your own bugs here, you
are still proxying whatever, so your internal host could still
be nuked. Anyway, is this for a web server? ... don't even get me
started on proxying for web services as being "SECURE".

So what's the point of all this?! Seems like a bit of overkill.

--Joshua