LFS Paper on Secure Servers

Ken Moffat ken at kenmoffat.uklinux.net
Wed May 5 07:08:13 PDT 2004

On Wed, 5 May 2004, Tony Sequeira wrote:

> On Tue, 04 May 2004 23:48:50 -0500, Bruce Dubbs wrote
> >
> > Bob Morgan wrote:
> >
> > >In a somewhat related thought, having
> > >a separate /boot partition, and commenting it out in /etc/fstab can
> > >help a tiny bit to keep the kernel contents away from an attacker
> > >(one can always mount it manually long enough to install a
> replacement
> > >kernel if need be - also related to the issue of monolithic vs
> > modular).
> > >
> > >
> > I had thought of that.  The problem with that is that the klogd needs
> > to
> > be able to read the System Map.  I don't know if there is a way to
> have
> > it read from another location or not.
> That's interesting.  I have been playing with Gentoo, and by default
> the /boot partition is not mounted automatically.  I had a small
> discussion about this in one of their forums, and was about to bring up
> System.map, but then realised that I had no evidence that it was used
> at anything but boot time.  I didn't realise that klogd needed access
> to it.
 Anyone got any pointers to what klogd misses without access to
System.map ?  My firewall has had a separate, not-mounted, /boot for a
long while and I've not noticed any problems.

 das eine Mal als Tragödie, das andere Mal als Farce

More information about the lfs-security mailing list