[Asterisk-Dev] Re: can ztdummy be used with a monolithic kernel?
(2.6)
Tony Mountifield
tony at softins.clara.co.uk
Sat Aug 13 02:26:08 MST 2005
In article <20050813084813.GP3258 at datavibe.net>,
Rev. Jeffrey Paul <sneak at datavibe.net> wrote:
> I am attempting to get MeetMe working on a machine using only IP for
> trunks. This machine, for security reasons, has module support disabled
> and is patched to disallow writing to /dev/mem or /dev/kmem (even by
> root) to prevent unauthorized loading of code into kernelspace (which is
> possible via these mechanisms even with modules disabled).
>
> I am running 2.6.11, specifically, the gentoo hardened version (r13)
> that includes grsecurity and cryptography support.
>
> Is it possible to get ztdummy working as a timer source for asterisk in
> such a configuration, or must I enable module support (and thus the huge
> potential for an LKM backdoor in the event of a system compromise)?
AFAIK, if the monolithic kernel contains rtc.c, then ztdummy with USE_RTC
should work, as it uses run-time hooks. If the kernel contains genrtc.c
instead, then ztdummy with USE_RTC will not work. In that case, you could
compile and use ztdummy without USE_RTC, but the accuracy is not good
enough for meetme and you would find a buildup of audio delay.
Cheers
Tony
--
Tony Mountifield
Work: tony at softins.co.uk - http://www.softins.co.uk
Play: tony at mountifield.org - http://tony.mountifield.org
More information about the asterisk-dev
mailing list