[cgl_discussion] Re: Project review
Randy.Dunlap
rddunlap at osdl.org
Wed Oct 2 10:29:02 PDT 2002
On Wed, 2 Oct 2002, Larry Butler wrote:
| 1. Quote the requirements from the requirements doc that your project is
| expected to meet.
Req. 5.3.2 Kernel Debugger Authentication:
| " OSDL CGL shall support a kernel debugger that requires basic
| authentication to ensure that only authorized users with access to a system
| can use the debugging features. This level of security is analogous to
| that assumed by an authorized user logging in to the system."
|
| 2. Explain how you think the project you have picked meets the above
| requirements.
|
| It provides a password feature which can be set from user space..
|
| 3. Explain the design of your project or point to a document on the web
| that explains the design.
|
| It is a simple addition to the standard kernel debugger: It prompts for a
| password from the console just before accepting a command for the first
| time. If the password is correct things proceed as usual. If it is not
| correct, a "go" command is simulated, returning the system to normal
| operation.
|
| The input code is modified to provide "no screen echo" and "timeout"
| features which are activated only when the password is being entered.
| "no screen echo" keeps the password from being displayed on the screen.
| The "timeout" ensures that the system will not accidentally be left "hung"
| indefinitely when the user doesn't enter a password.
|
| The password is stored in the kernel in MD5 encrypted form. The encrypted
| form of the password can be set or retrieved through a new sysctl control
| or
| through (/proc/sys/kernel/kdbpassword). A utility to encrypt passwords in
| MD5 format already exists as part of GRUB.
So is grub a requirement to use this patch, or just the grub
'md5crypt' utility? (which I don't seem to have just now :(
| 4. Pointer to your code/patch.
|
| The patch is in linux-2.4.18/patches/kdb/kdb_auth.patch on the OSDL CVS
| server.
Thanks.
--
~Randy
More information about the cgl_discussion
mailing list