[cgl_discussion] Re: Project review
larry_butler at hp.com
Wed Oct 2 09:57:39 PDT 2002
1. Quote the requirements from the requirements doc that your project is
expected to meet.
" OSDL CGL shall support a kernel debugger that requires basic
authentication to ensure that only authorized users with access to a system
can use the debugging features. This level of security is analogous to
that assumed by an authorized user logging in to the system."
2. Explain how you think the project you have picked meets the above
It provides a password feature which can be set from user space..
3. Explain the design of your project or point to a document on the web
that explains the design.
It is a simple addition to the standard kernel debugger: It prompts for a
password from the console just before accepting a command for the first
time. If the password is correct things proceed as usual. If it is not
correct, a "go" command is simulated, returning the system to normal
The input code is modified to provide "no screen echo" and "timeout"
features which are activated only when the password is being entered.
"no screen echo" keeps the password from being displayed on the screen.
The "timeout" ensures that the system will not accidentally be left "hung"
indefinitely when the user doesn't enter a password.
The password is stored in the kernel in MD5 encrypted form. The encrypted
form of the password can be set or retrieved through a new sysctl control
through (/proc/sys/kernel/kdbpassword). A utility to encrypt passwords in
MD5 format already exists as part of GRUB.
4. Pointer to your code/patch.
The patch is in linux-2.4.18/patches/kdb/kdb_auth.patch on the OSDL CVS
More information about the cgl_discussion