Linux Modules
Sandy Harris
sandyinchina at gmail.com
Thu Dec 4 06:09:56 UTC 2008
On Thu, Dec 4, 2008 at 3:47 AM, <bmm at plu.edu> wrote:
> Hi Doc Team,
>
> I am a senior at Pacific Lutheran University and I am pursuing a degree in
> computer science. For my final project, the group I am in and I are
> trying to create our own firewall module that will replace the netfilter
> module in Ubuntu.
Interesting, but I cannot see much benefit. Netfilter works well and there
are both other tools that use it and an active team of developers for it.
You might be better off contributing to it with extensions or whatever
than trying to replace it. That might be safer for you (smaller project
with existing experts to mentor you, more likely to succeed and get
you a good grade) and more useful for everyone else (no need to
change existing tools or learn a new system to use your stuff).
A module, or compiled-into-the-kernel extension, I'd love to see
would be BSD-style immutable files for Linux. I'm likely in a
small minority on this, but I'd prefer that to the more complex
SE Linux or AppArmor stuff. Not that those aren't useful, but
if I could have only one of the three, I'd take immutable.
Linux does have an immutable bit and an append-only bit
(part of the same system), and they are useful:
http://linuxhelp.blogspot.com/2005/11/make-your-files-immutable-which-even.html
However, they do not work like real (BSD) immutable files.
In BSD, access to immutable files depends on run level. Even
root cannot change an immutable file or do anything except
append to an append-only log file unless the system is in
single-user mode. This takes kernel support, hence my
suggestion of a module.
On current Linux, root can just do chattr -i or chattr -a, then
do as he will with the file. This means the feature provides
effectively zero protection against an attacker who gains
root on your system. The attacker can both change system
files and cover his tracks by altering logs.
On BSD, he cannot. Critical files can be immutable and
log files append-only. Even root cannot change them
except by dropping to single user mode. Restrict access
in that mode to the console and perhaps SSH from the
admin's workstation and any remote attacker is completely
locked out.
--
Sandy Harris,
Quanzhou, Fujian, China
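An added shell example, not part of Sandy's message and not taken from the linked page, for anyone who wants to see the behaviour described above on a real box. Clearing +i or +a with chattr needs CAP_LINUX_IMMUTABLE, which root holds by default; the script shows +i blocking a write, root clearing it again, and what happens when a root shell has had that capability dropped from its bounding set via capsh (the nearest stock-Linux analogue to the BSD single-user-only rule in the post). It also includes a small check that reads the CapBnd line of /proc/<pid>/status. The demo assumes Linux, an attr-capable filesystem such as ext4, root, and the chattr/lsattr (e2fsprogs) and capsh (libcap) tools; the capability number 9 is from <linux/capability.h>.

```shell
#!/bin/sh
# Added example, not part of the original post.
# (1) cap_in_mask / bounding_set_has_immutable: check whether a process can
#     still clear the immutable/append-only flags at all.
# (2) demo: run as root on an attr-capable filesystem to see +i in action.

CAP_LINUX_IMMUTABLE=9   # capability number from <linux/capability.h>

# cap_in_mask MASKHEX CAPNUM: succeed if bit CAPNUM is set in a hex mask as
# printed on the Cap* lines of /proc/<pid>/status. Only the low 32 bits are
# examined so the arithmetic cannot overflow; the bit we care about is 9.
cap_in_mask() {
    mask=$1
    capnum=$2
    low=$(printf '%s' "$mask" | tail -c 8)
    [ $(( (0x$low >> $capnum) & 1 )) -eq 1 ]
}

# bounding_set_has_immutable [STATUSFILE]: succeed if CAP_LINUX_IMMUTABLE is
# still in the bounding set recorded in a /proc/<pid>/status file (default:
# the calling process). Once it is gone, no descendant of that process, root
# included, can run chattr -i or chattr -a until a reboot.
bounding_set_has_immutable() {
    status=${1:-/proc/self/status}
    mask=$(awk '/^CapBnd:/ { print $2 }' "$status")
    [ -n "$mask" ] && cap_in_mask "$mask" "$CAP_LINUX_IMMUTABLE"
}

# demo DIR: needs root and a filesystem that supports chattr (e.g. ext4).
demo() {
    f=$1/immutable-demo.txt
    echo "original line" > "$f"
    chattr +i "$f"
    lsattr "$f"
    if { echo "tamper" >> "$f"; } 2>/dev/null; then
        echo "unexpected: write to immutable file succeeded"
    else
        echo "+i set: write refused as expected"
    fi
    # Plain root: the flag comes straight off again, as the post says.
    chattr -i "$f" && echo "root cleared +i with chattr -i"
    chattr +i "$f"
    # Root without CAP_LINUX_IMMUTABLE in its bounding set gets EPERM.
    if capsh --drop=cap_linux_immutable -- -c "chattr -i '$f'" 2>/dev/null; then
        echo "unexpected: chattr -i succeeded without the capability"
    else
        echo "bounding set without cap_linux_immutable: chattr -i refused"
    fi
    chattr -i "$f"
    rm -f "$f"
}

# Run the demo only when asked, e.g.:  sudo sh immutable-demo.sh demo /root
if [ "${1-}" = "demo" ]; then
    demo "${2:-/root}"
fi
```

The bounding-set check is what you would wire into a hardening audit: if `bounding_set_has_immutable` succeeds for PID 1, every service on the box can in principle clear +i/+a once it has root, which is exactly the weakness the post describes.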