link a kernel to a file system ?

Discuss and suggest new grsecurity features


Postby CleeK » Wed Jan 08, 2003 6:11 am

'lo,

I use grsecurity 1.9.8 with gradm-1.6. One of the main problems of the ACL system, IMO, is that it is useless if the system didn't boot with the grsec kernel. If someone boots with a floppy disk, he can mount the file system and the ACL system isn't activated anymore. So my question is:

Is it possible to "link" a file system to a kernel? For example, modifying the ext2 structure (or another FS) with an authentication of the kernel (with public key crypto, or a test of the kernel md5sum maybe?)

The aim is to make the file system where the ACL system applies unmountable if the current kernel is not the right one (i.e. without grsec support).

What do you think about this?

Is it a possible improvement of grsecurity?

Thx

CleeK

PS: ideas
- public / private keys:
. generate a couple of keys
. patch the kernel with the private key
. patch the FS with the public key and an authentication scheme (including util-linux (mount, etc ...) and probably mkfs)

- md5sum:
. difficult because the md5sum changes at each recompilation
CleeK
 
Posts: 2
Joined: Wed Aug 21, 2002 5:29 am
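The public-key variant from CleeK's PS, worked through as an added example (this is not code from the thread or from grsecurity): the filesystem's superblock carries the public key, the kernel holds the matching private key, and the mount is refused unless the kernel signs a fresh nonce bound to that superblock. The Superblock and Kernel types, NewKeyPair, TryMount, the ErrWrongKernel error and the magic strings are all constructed for the illustration; Ed25519 from Go's standard library stands in for whatever scheme would actually be patched into a kernel and mkfs.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Superblock is a constructed stand-in for the on-disk metadata the post
// proposes patching: it carries the public key the kernel must prove it
// owns before the filesystem will mount.
type Superblock struct {
	Magic  string
	PubKey ed25519.PublicKey
}

// Kernel is a constructed stand-in for a kernel built with the private key.
type Kernel struct {
	Name    string
	privKey ed25519.PrivateKey
}

// ErrWrongKernel is returned when the mount-time proof fails.
var ErrWrongKernel = errors.New("refusing mount: kernel could not prove it holds the filesystem's key")

// NewKeyPair is the "generate a couple of keys" step.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// NewKernel is the "patch the kernel with the private key" step.
func NewKernel(name string, priv ed25519.PrivateKey) *Kernel {
	return &Kernel{Name: name, privKey: priv}
}

// mountMessage binds the nonce to this particular filesystem, so a
// signature produced for one superblock is meaningless for another.
func mountMessage(magic string, nonce []byte) []byte {
	h := sha256.New()
	h.Write([]byte(magic))
	h.Write(nonce)
	return h.Sum(nil)
}

// Challenge is what the filesystem side issues at mount time: a random
// 32-byte nonce, fresh for every attempt.
func (sb *Superblock) Challenge() ([]byte, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return nonce, nil
}

// Answer is the kernel side: sign the challenge with the embedded key.
func (k *Kernel) Answer(magic string, nonce []byte) []byte {
	return ed25519.Sign(k.privKey, mountMessage(magic, nonce))
}

// Mount verifies the kernel's answer against the superblock's public key
// and refuses the mount on any mismatch.
func (sb *Superblock) Mount(nonce, sig []byte) error {
	if !ed25519.Verify(sb.PubKey, mountMessage(sb.Magic, nonce), sig) {
		return ErrWrongKernel
	}
	return nil
}

// TryMount runs the full challenge/response exchange for one kernel
// against one filesystem.
func TryMount(sb *Superblock, k *Kernel) error {
	nonce, err := sb.Challenge()
	if err != nil {
		return err
	}
	return sb.Mount(nonce, k.Answer(sb.Magic, nonce))
}

func main() {
	pub, priv, err := NewKeyPair()
	if err != nil {
		panic(err)
	}
	// Constructed sample: one filesystem made with the public key, one
	// kernel built with the matching private key, one rescue kernel without it.
	fs := &Superblock{Magic: "grsec-ext2-demo", PubKey: pub}
	trusted := NewKernel("grsec-kernel", priv)
	_, otherPriv, _ := NewKeyPair()
	rescue := NewKernel("floppy-rescue-kernel", otherPriv)

	for _, k := range []*Kernel{trusted, rescue} {
		if err := TryMount(fs, k); err != nil {
			fmt.Printf("%s: %v\n", k.Name, err)
		} else {
			fmt.Printf("%s: mount allowed\n", k.Name)
		}
	}
}
```

Generating the nonce fresh per attempt and hashing it together with the superblock magic means a signature captured from one mount cannot be replayed on a later mount or against a different filesystem. The check only gates a mount implementation that cooperates, which is the limit spender's reply points at: a kernel that ignores the superblock field, or a raw read of the block device, still gets at the data, so the scheme authenticates the kernel to the filesystem but does nothing to protect the data at rest.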

Postby spender » Wed Jan 08, 2003 10:25 am

Solving the floppy problem is a physical security problem, not the fault of the operating system. The ACL system ensures that the system can't be rebooted into another kernel by an attacker. Putting the trusted ACL information on the filesystem, in my opinion, is a bad idea. RSBAC and others do this, and it's weak because one only needs access to the files it places on the system to corrupt the integrity of the system. We keep everything in the kernel, which is more secure. I doubt you could modify the filesystem to do something like what you want unless you encrypted the entire drive, in which case you'd have to store some key somewhere. Of course, when the system is online, everything would be decrypted, so that's pretty useless and horrible for performance.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Postby ryan » Thu Jan 16, 2003 8:56 pm

My servers are all physically secure, with a lock and the proper amount of screws holding the chassis case together to prevent a CMOS reset or someone from stealing hardware. On top of that, I by default remove my floppy disk drives and disable CD-ROM booting in the BIOS. Of course, also password-protect your BIOS setup.
ryan
 
Posts: 13
Joined: Tue Mar 26, 2002 6:48 am

Postby cmouse » Mon Jan 20, 2003 7:11 am

Of course, if one wants to use HD content encryption, he can use local loopback for this.... Can't see any reason for this tbh, as you said, it's slow etc.

You can look on the net for more info on how to achieve this...
cmouse
 
Posts: 98
Joined: Tue Dec 17, 2002 10:58 am
