Hi For some time I thought that running kernels without module support is a complete solution to kernel rootkits. That was wrong as there are some other ways except modules: /dev/mem, DMA programming ...
I am willing to try this setup to protect agains kernel rootkits: - have a _base_ system which has only elemental programs including vserver tools - have another / system (like /mnt/vserver) where I put files needed for a server (daemons, sshd, system programs, development tools etc...) - run a moduleless kernel with ctx support that after it boots it starts another init in a different context having root in /mnt/vserver and capbound to not: chroot, I/O direct access Can that be done with vserver ? Is there a capability that sets the permission to do I/O with the hardware directly ? If so can that be "bounded" with vserver ? Thanks ---------------------------- Mihai RUSU Disclaimer: Any views or opinions presented within this e-mail are solely those of the author and do not necessarily represent those of any company, unless otherwise specifically stated.
