Date: Fri, 22 May 1998 10:23:23 +0200 From: Philippe Regnauld <regnauld@deepo.prosa.dk> To: Nicholas Charles Brawn <ncb05@uow.edu.au> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Virus on FreeBSD Message-ID: <19980522102323.48197@deepo.prosa.dk> In-Reply-To: <Pine.SOL.3.96.980522100017.17145A-100000@banshee.cs.uow.edu.au>; from Nicholas Charles Brawn on Fri, May 22, 1998 at 10:02:46AM %2B1000 References: <199805211431.KAA17444@brain.zeus.leitch.com> <Pine.SOL.3.96.980522100017.17145A-100000@banshee.cs.uow.edu.au>
next in thread | previous in thread | raw e-mail | index | archive | help
Nicholas Charles Brawn writes: > > > > I'd love to have a "virus" scanner that could detect the signature of a > > LKM module or the LKM loader in a kernel. Of course by "signature" here > > I mean something that would recognize the style of code necessary to > > perform this operation, not the specific sequence of bits in any given > > implementation. > > You may have a point here. Is there any way you could "sign" a module to > ensure it's authenticity? And on top of that build in an automatic > authentication system within the kernel that rejects lkm's that are not > signed? Perhaps this could be included so as to be performed at one of the > securelevels? Hey, great idea, let's call it Active-LKM. :-) -- -[ Philippe Regnauld / sysadmin / regnauld@deepo.prosa.dk / +55.4N +11.3E ]- «Pluto placed his bad dog at the entrance of Hades to keep the dead IN and the living OUT! The archetypical corporate firewall?» - S. Kelly Bootle To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980522102323.48197>