[Bda] un peu de secu

[Jerome PETAZZONI]

un post pas completement ininteressant sur bugtraq :
(j'aime bien la fin, sur le noyo qui refuse de lancer
des binaires non signes)

> So that's why I think it's better to build a minimal, static kernel
> without modules support. And once your kernel is OK and running,
> remove the .config file from your kernel source tree. If someone
> does get in and tries to make a new kernel (with modules support) 
> he cannot simply grab the old configfile and add modules support 
> to it. 

In my opinion systems that are connected to the outside world or
with a high risk should not have a compiler, compiler-tooling and
source packages installed. And if possible build your apps and tools
with a defensive compiler, like the gcc with stackguard patches
_or_ build your apps so that you machine runs only our own build
apps. There is a patch available to sign executables and prevents
the kernel to run non-signed or wrongly-signed programs.
In the "old days" I use to swap several variables in the elf-exe-format,
just to prevent others to build apps for my machine. This has
-ofcourse- a big impact on the work one has to do build a system
like this. You could do the same for LKM-structures.. or add a "Crc"
check in the modules and modutils.

Anyway, stripping your systems has something and will make things a
lot more difficult for attackers to install backdoors using root-kits.

The thing I read from booting of a CDROM is also a good choice, I think,
this will prevent people from booting from unwanted kernels.