On 12/17/2010 09:39 AM, Nicole Carlson wrote: > Hello, beautiful people! How I have missed you. > > A question for your enormous brains. Suppose that the kernel panics. > Further suppose that I do NOT want it to dump core.
I don't believe it's the default. Are you worried about it dumping core without you asking? Or are you worried that someone with physical access to the machine could force it to dump core? > Can I set up the > system to do this? Can I set up the system to perform any arbitrary > commands when the kernel panics? If so, how? I believe it's a compile time option for the kernel side, and user space tools. The trick is that in a panic you need to trust as little of the kernel as possible to avoid trashing a filesystem. So you'll need diskdump (write to disk), netdump (dump to net), and/or kdump. Source for these tools will give you an idea of what is necessary to handle a kernel dump. Because it's unsafe to trust the filesystem code typically if you are writing to disk you either give it a device, a partition, or a swap partition. If you don't have dmesg on boot mentioning the dump utility you are using (kdump, netdump, or diskdump) or a /proc/diskdump (or related) then you likely don't have it enabled. Which might be what you want. > The motivation behind all this: I'm trying to figure out how to get > Linux on satellites. Cool. > One of the barriers is paperwork: the gub'mint > says "You must do X, Y, and Z". One of those requirements is that all > system startups, shutdowns, and aborts keep the system in a secure > state. Secure aborts is the one I'm having trouble proving--I think > that dumping core is a problem, because it preserves possibly > sensitive information (internal state at the time of panic) in a place > that isn't supposed to hold it (namely, wherever the core is dumped, > which appears to be in the swap space.) Swap is one of the choices, but the dumps are optional. > If I'm wildly off-base, please advise. I'm a bit fuzzy on the threat. Not like a normal user can read blocks from the swap device. Not like linux doesn't zero fill pages you ask the OS for. You are trying to protect against root user? From someone injecting errors into the kernel and then stealing the disk drive? Or just satisfying some arbitrary piece of bureaucrat security policy? Disabling kernel dumps seems rather straight forward and depending on your OS/Distro might even be disabled by default. Swap has similar problems BTW. You could encrypt a filesystem or device if you want to protect from someone stealing your machine and then reading the filesystem/block device. _______________________________________________ vox-tech mailing list [email protected] http://lists.lugod.org/mailman/listinfo/vox-tech
