Date: Fri, 22 May 1998 10:23:23 +0200 From: Philippe Regnauld <regnauld@deepo.prosa.dk> To: Nicholas Charles Brawn <ncb05@uow.edu.au> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Virus on FreeBSD Message-ID: <19980522102323.48197@deepo.prosa.dk> In-Reply-To: <Pine.SOL.3.96.980522100017.17145A-100000@banshee.cs.uow.edu.au>; from Nicholas Charles Brawn on Fri, May 22, 1998 at 10:02:46AM %2B1000 References: <199805211431.KAA17444@brain.zeus.leitch.com> <Pine.SOL.3.96.980522100017.17145A-100000@banshee.cs.uow.edu.au>
next in thread | previous in thread | raw e-mail | index | archive | help
Nicholas Charles Brawn writes:
> >
> > I'd love to have a "virus" scanner that could detect the signature of a
> > LKM module or the LKM loader in a kernel. Of course by "signature" here
> > I mean something that would recognize the style of code necessary to
> > perform this operation, not the specific sequence of bits in any given
> > implementation.
>
> You may have a point here. Is there any way you could "sign" a module to
> ensure it's authenticity? And on top of that build in an automatic
> authentication system within the kernel that rejects lkm's that are not
> signed? Perhaps this could be included so as to be performed at one of the
> securelevels?
Hey, great idea, let's call it Active-LKM.
:-)
--
-[ Philippe Regnauld / sysadmin / regnauld@deepo.prosa.dk / +55.4N +11.3E ]-
«Pluto placed his bad dog at the entrance of Hades to keep the dead
IN and the living OUT! The archetypical corporate firewall?»
- S. Kelly Bootle
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980522102323.48197>