[cgl_discussion] Re: Project review

Randy.Dunlap rddunlap at osdl.org
Wed Oct 2 10:29:02 PDT 2002


On Wed, 2 Oct 2002, Larry Butler wrote:

| 1. Quote the requirements from the requirements doc that your project is
| expected to meet.

Req. 5.3.2  Kernel Debugger Authentication:
|   " OSDL CGL shall support a kernel debugger that requires basic
|    authentication to ensure that only authorized users with access to a system
|    can use the debugging features.  This level of security is analogous to
|    that assumed by an authorized user logging in to the system."
|
| 2. Explain how you think the project you have picked meets the above
| requirements.
|
|    It provides a password feature which can be set from user space.
|
| 3. Explain the design of your project or point to a document on the web
| that explains the design.
|
|    It is a simple addition to the standard kernel debugger:  It prompts for a
|    password from the console just before accepting a command for the first
|    time.  If the password is correct things proceed as usual.  If it is not
|    correct, a "go" command is simulated, returning the system to normal
|    operation.
|
|    The input code is modified to provide "no screen echo" and "timeout"
|    features which are activated only when the password is being entered.
|    "no screen echo" keeps the password from being displayed on the screen.
|    The "timeout" ensures that the system will not accidentally be left "hung"
|    indefinitely when the user doesn't enter a password.
|
|    The password is stored in the kernel in MD5 encrypted form.  The encrypted
|    form of the password can be set or retrieved through a new sysctl control
|    or through (/proc/sys/kernel/kdbpassword).  A utility to encrypt passwords
|    in MD5 format already exists as part of GRUB.

So is grub a requirement to use this patch, or just the grub
'md5crypt' utility?  (which I don't seem to have just now :(

| 4. Pointer to your code/patch.
|
|   The patch is in linux-2.4.18/patches/kdb/kdb_auth.patch on the OSDL CVS
|   server.

Thanks.
-- 
~Randy
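
Added example (not part of the original thread and not code from kdb_auth.patch): a Python sketch of the design quoted above, assuming the stored value uses the standard MD5-crypt "$1$salt$hash" layout that GRUB's md5crypt utility emits. The names md5crypt and kdb_gate and the sample password and salt are constructed for illustration; the patch's actual format and prompt code are not shown in this message.

```python
import hashlib
import hmac

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def md5crypt(password, salt):
    """MD5-crypt ("$1$salt$hash"), the format assumed here for kdbpassword."""
    pw, s = password.encode(), salt[:8].encode()
    alt = hashlib.md5(pw + s + pw).digest()
    ctx = hashlib.md5(pw + b"$1$" + s)
    ctx.update((alt * (len(pw) // 16 + 1))[:len(pw)])
    i = len(pw)
    while i:  # one extra byte per bit of the password length
        ctx.update(b"\0" if i & 1 else pw[:1])
        i >>= 1
    final = ctx.digest()
    for r in range(1000):  # fixed 1000-round stretching
        h = hashlib.md5(pw if r & 1 else final)
        if r % 3:
            h.update(s)
        if r % 7:
            h.update(pw)
        h.update(final if r & 1 else pw)
        final = h.digest()
    out = ""
    for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)):
        v = final[a] << 16 | final[b] << 8 | final[c]
        for _ in range(4):  # 24 bits -> four base-64 characters
            out += ITOA64[v & 0x3F]
            v >>= 6
    out += ITOA64[final[11] & 0x3F] + ITOA64[final[11] >> 6]
    return "$1$" + salt[:8] + "$" + out

def kdb_gate(stored, entered):
    """Hypothetical model of the prompt; entered is None when it times out."""
    parts = stored.split("$")
    if entered is None or len(parts) != 4 or parts[1] != "1":
        return "go"  # timeout or unusable hash: resume normal operation
    candidate = md5crypt(entered, parts[2])
    # Constant-time comparison so the check does not leak a matching prefix.
    ok = hmac.compare_digest(candidate.encode(), stored.encode())
    return "debugger" if ok else "go"

if __name__ == "__main__":
    stored = md5crypt("password", "xxxxxxxx")  # constructed sample values
    print(stored)
    print(kdb_gate(stored, "password"), kdb_gate(stored, "wrong"),
          kdb_gate(stored, None))
```

Under that format assumption, any tool that produces "$1$" hashes (for example `openssl passwd -1`) yields a value of the same shape as GRUB's utility.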