[cgl_discussion] Re: Project review

Larry Butler larry_butler at hp.com
Wed Oct 2 09:57:39 PDT 2002


1. Quote the requirements from the requirements doc that your project is
expected to meet.

  " OSDL CGL shall support a kernel debugger that requires basic
   authentication to ensure that only authorized users with access to a system
   can use the debugging features.  This level of security is analogous to
   that assumed by an authorized user logging in to the system."

2. Explain how you think the project you have picked meets the above
requirements.

   It provides a password feature which can be set from user space..

3. Explain the design of your project or point to a document on the web
that explains the design.

   It is a simple addition to the standard kernel debugger:  It prompts for a
   password from the console just before accepting a command for the first
   time.  If the password is correct things proceed as usual.  If it is not
   correct, a "go" command is simulated, returning the system to normal
   operation.

   The input code is modified to provide "no screen echo" and "timeout"
   features which are activated only when the password is being entered.
   "no screen echo" keeps the password from being displayed on the screen.
   The "timeout" ensures that the system will not accidentally be left "hung"
   indefinitely when the user doesn't enter a password.

   The password is stored in the kernel in MD5 encrypted form.  The encrypted
   form of the password can be set or retrieved through a new sysctl control 
or
   through (/proc/sys/kernel/kdbpassword).  A utility to encrypt passwords in
   MD5 format already exists as part of GRUB.

4. Pointer to your code/patch.

  The patch is in linux-2.4.18/patches/kdb/kdb_auth.patch on the OSDL CVS
  server.





More information about the cgl_discussion mailing list