Kernel needs [was: SCO]

  • From: Neil Doane <caine@xxxxxxxxxxxxxxxx>
  • To: technocracy@xxxxxxxxxxxxxxxxx
  • Date: Fri, 14 Jul 2000 13:57:56 -0700

* Steve Baker (ice@xxxxxxxxxxxxxxxxx) on [07-14-00 13:33] did utter:
> really, once you get down to it, a good VM, memory protection, filesystems,
> networking and the like are all that really belong in the kernel 

I'm curious as to what people here think about integrated kernel-level 
security features like SecureBSD's MDA hash check-before-execute features or
the myriad kernel-level features of things like the Linux Intrusion
Detection System (www.lids.org) (send security alerts through network 
(mail/remote syslog/http POST) directly from kernel, or limiting access 
to raw devices or io ports to only pre-specified processes.)   I mean,
SecureBSD has a database of the checksums of every binary on its system
floating around in memory (I guess) and LIDS is implementing its own MTA 
_inside the kernel_ (among other things).  

Is this going overboard or not?  Opinions?




Neil




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
                
       . /._ o /     --personal="caine@xxxxxxxxxxxxxxxx" 
      /|//- / /     --business="caine@xxxxxxxxxxx"
     / ''- / /__   --homepage="http://antediluvian.org/";
    '                                      
~~ http://angryflower.com/bobsqu.gif ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~







Other related posts: