Re: Checking integrity of /sbin/init from within kernel
> I guess it is possible, but useless. If you do not physically protect
> your hard disk, so I can take it out and change, what would stop me
> from changing the kernel too? I think your suggestion does not improve
> security. Maybe it would catch a broken hard disk, but nothing more.
Sorry, but I have a different opinion on that.
For my purposes and in my scenario it will improve security. My method
is to give the kernel a new variable with a signature in it that I have
created before compiling my /sbin/init. Then I make my /sbin/init so
that it checks for the signature in the kernel (similar to `sysctl
kern.mysignature`). If the signature is correct, we are running "my"
kernel. /sbin/init will continue. If not, it will die and halt the
kernel. So the kernel checks if /sbin/init is correct and /sbin/init
checks if we have the correct kernel.
You could say that it could be easy to create a kernel with my signature
in it, but it isn't. You cannot read the signature from the kernel,
because to do that you'd have to change /sbin/init, and if you do that my
kernel won't boot. Understood?
I think it's a huge improvement in security!
So back to my questions: How hard is this to achieve and whom can I ask
to do it? Does anyone know of anybody who is interested in that kind of
kernel hacking that he'd want to do the code for this?
T.
> Otto
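
The two checks described in this message, modelled as an added example (not code from the thread or from any kernel). SHA-256 as the kernel's integrity check on /sbin/init, the `Kernel` and `Init` classes, and every sample value are assumptions constructed for illustration; the table shows which check fires for each combination of original and replaced components.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Kernel:
    init_digest: Optional[bytes]  # expected SHA-256 of /sbin/init; None = no check compiled in
    signature: Optional[bytes]    # value exported like kern.mysignature; None = variable absent

@dataclass(frozen=True)
class Init:
    image: bytes                  # bytes of /sbin/init as stored on disk
    expected_sig: Optional[bytes] # value init compares against; None = check not present

def boot(kernel: Kernel, init: Init) -> str:
    """Run the two checks in boot order and return the outcome."""
    # Step 1: the kernel hashes /sbin/init before executing it.
    if kernel.init_digest is not None:
        actual = hashlib.sha256(init.image).digest()
        if not hmac.compare_digest(actual, kernel.init_digest):
            return "kernel: init rejected"
    # Step 2: init reads the kernel variable and compares it to its own copy.
    if init.expected_sig is not None:
        sig = kernel.signature
        if sig is None or not hmac.compare_digest(sig, init.expected_sig):
            return "init: halt"
    return "booted"

# Constructed sample data (not real binaries or keys).
SIG = b"constructed-signature-value"
GOOD = b"\x7fELF constructed init image"
MODIFIED = GOOD + b" (modified)"

MY_KERNEL = Kernel(hashlib.sha256(GOOD).digest(), SIG)
OTHER_KERNEL = Kernel(None, None)  # a kernel built without either feature

def outcome_table() -> dict:
    return {
        "original kernel, original init": boot(MY_KERNEL, Init(GOOD, SIG)),
        "original kernel, modified init": boot(MY_KERNEL, Init(MODIFIED, SIG)),
        "other kernel, original init": boot(OTHER_KERNEL, Init(GOOD, SIG)),
        # Neither check executes here: each one lives in a replaced component.
        "other kernel, init without check": boot(OTHER_KERNEL, Init(MODIFIED, None)),
    }

if __name__ == "__main__":
    for case, result in outcome_table().items():
        print(f"{case:34} -> {result}")
```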