From: Fabio G. <fab...@gm...> - 2006-02-02 20:41:03
|
> encrypt the key, etc) could then just be done by the attacker. I > think the only real solution is to build digsig into the kernel so > that it can't be unloaded, so that your pubkey cannot be replaced > without the attacker rebooting the machine. I agree. Building digsig into the kernel, is probably the best solution that I can see . The public key could be stored in the kernel itself, copied from a file, chosen by the administrator, at kernel compilation time. (in this case, in order to replace the key, kernel must be recompiled). SELinux could probably help us in controlling access to /dev/kmem. Fabio |