[Asterisk-Dev] Re: can ztdummy be used with a monolithic kernel? (2.6)

Tony Mountifield tony at softins.clara.co.uk
Sat Aug 13 02:26:08 MST 2005


In article <20050813084813.GP3258 at datavibe.net>,
Rev. Jeffrey Paul <sneak at datavibe.net> wrote:
> I am attempting to get MeetMe working on a machine using only IP for
> trunks.  This machine, for security reasons, has module support disabled
> and is patched to disallow writing to /dev/mem or /dev/kmem (even by
> root) to prevent unauthorized loading of code into kernelspace (which is
> possible via these mechanisms even with modules disabled).
> 
> I am running 2.6.11, specifically, the gentoo hardened version (r13)
> that includes grsecurity and cryptography support.
> 
> Is it possible to get ztdummy working as a timer source for asterisk in
> such a configuration, or must I enable module support (and thus the huge
> potential for an LKM backdoor in the event of a system compromise)?

AFAIK, if the monolithic kernel contains rtc.c, then ztdummy with USE_RTC
should work, as it uses run-time hooks. If the kernel contains genrtc.c
instead, then ztdummy with USE_RTC will not work. In that case, you could
compile and use ztdummy without USE_RTC, but the accuracy is not good
enough for meetme and you would find a buildup of audio delay.

Cheers
Tony
-- 
Tony Mountifield
Work: tony at softins.co.uk - http://www.softins.co.uk
Play: tony at mountifield.org - http://tony.mountifield.org



More information about the asterisk-dev mailing list