Re: CIPE statically compiled into kernel?|
Wed, 24 Apr 2002 19:13:20 +0200|
I know that the old 2.2.x crypto packages on kerneli.org (Speaking of,
what ever happened to kerneli?) contained CIPE support, and you could say
"Y" and it would be static. At the time, however, I had no need for VPN.
On Tue, 23 Apr 2002, Roberto Nibali wrote:
> Hi Roland,
> > is it possible to compile CIPE statically into the kernel? how? :-)
> Well technically you could make a patch to the kernel to link the
> cipe code statically. But what do you gain? And it generally is a PITA
> to do this since you need to patch subsystems of the kernel to export
> symbols for the specific code and all the other fun you will encounter
> when doing that.
> I could, however, also be mistaken and Olaf has already provided a
> patch for linking CIPE statically into the kernel. I haven't checked
> the newest code in a while.
> > (We don't support LKMs on our production servers to prevent abuse...)
> :) Yet again someone that thinks by disabling lkm he'd be safe. May I
> suggest you read ? You gain _no_ security by disabling lkm! You need
> either capabilities or type enforcement on loading modules. As long as
> you have a mean to allow a potential fellow cracker to get r00t on your
> box, you're unsafe. A very promising project for linux implementing a
> clean API for such >C2 systems is . Together with  you can even
> start using it for productive systems.
> I apologize to the other readers of the list for this slightely OT
> glitch of mine.
>  http://www.phrack.com/show.php?p=58&a=7
>  http://lsm.immunix.org/
>  http://www.nsa.gov/selinux/
> Best regards,
> Roberto Nibali, ratz
20417 SW 70th Ave.
Tualatin, OR 97062