On Sun, Apr 29, 2012 at 1:59 PM, Mike Perry <[email protected]> wrote: > [snipped] > > After reading a few mailinglist archives about kernel.modules_disabled, > it looks like there is a contingent of kernel developers who are arguing > for "layered security" over "perfect security", and they are working to > enumerate and close holes that elevate root directly to ring0. Even if > the LKML people occasionally refuse to take their patches for old > unixbeard dogmatic reasons, it looks like they are still being picked up > by RHEL/CentOS and Ubuntu. > > But, this reminds me that I might need to add a "Auditing > Recommendations" section to the APT. Technically, the truly paranoid > should also keep pristine copies of their initrd, kernel, modules, and > init itself, and veryify/replace them in the event of sketchy activity. > But the question of how to actually verify/replace these files while > using an untrusted kernel is another matter.. A few ways come to mind, > but if we specify just One True Way, obviously custom rootkits could > still be written to cloak against it...
What do you feel about promoting grsec? > [snipped] > > > -- > Mike Perry > > _______________________________________________ > tor-relays mailing list > [email protected] > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > Thanks, Kasimir -- Kasimir Gabert _______________________________________________ tor-relays mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
