Once again THANKS to all those who have replied to my questions. Your comments are much appreciated and are helping me further understand the Darwin (as well as other Linux) Kernels.

I am aware that many of the options I am requesting information about are available as extensions, modules, and configuration file options. However, I am still interested in enabling / disabling these options at the kernel level. For example, when I asked about the KERNEL LEVEL customization of allowing or disallowing IP packet forwarding I am more interested in DISABLING it via the kernel. Why? In the past I have constructed a more secure Linux machine by disabling "dangerous" kernel level options such as IP packet forwarding or promiscuous mode to prevent packet sniffing on my network.

Additionally, disabling a CD-burner in kernel space has its reasons as well. Assume I want the ability to burn CDs and am willing to swap kernels for this. I want to be assured that other users of my systems ARE NOT burning CDs which may contain proprietary data. Essentially trusted users have access to the CD-R enabled kernel... other users don't.

These are the kinds of "hobby projects" that I work on! Admittedly these procedures are a bit extreme... but as a security consultant I am always interested in the MANY ways a solution could be achieved.

Anyway, I would be interested in disabling many features in the Darwin Kernel. Also I am interested in tweaking / creating kernel extensions... which I have done to a very basic extent by following FAQs about how to create a simple kernel extension in Darwin.

Thanks to Pelle Johansson for pointing out which files might be of interest to me:
> However, if you really want to do it, what you do is edit the
> xnu/*/conf/MASTER.ppc files (on ppc, obviously).
--Cheers, Matthew K. Wong
> Date: Fri, 7 Feb 2003 14:14:58 +0100
> Subject: Re: Kernel customization.
> Cc: darwin-kernel@lists.apple.com
> To: "Mr. Wong"
> From: Pelle Johansson
>
> On Wednesday, 5 February 2003 at 02:26, Mr. Wong wrote:
>
>> Hello everyone,
>>
>> I recently compiled the Darwin (XNU portion v.6.0) kernel with the help from the users of this newsgroup (thanks!). I would like to take this a step further and actually do some kernel customizations similar to the ones I've done in Linux. For example, I've recompiled the Linux kernel to specifically allow or disallow cd burning capabilities via SCSI emulation support. Another thing I've done in Linux is allow IP packet forwarding. The Redhat (7.3) Linux kernel appears to be much easier to handle than the Darwin kernel because there exists GUI and command line utilities built specifically for the purpose of customization.
>>
>> Anyway, my question is this: How does one go about modifying the XNU kernel to achieve such customizations? Is there a GUI or command line utility? What suggestions do you have or what should I watch out for? Any help will be appreciated.
>>
>> Thanks in advance,
>> Matthew K. Wong
>
> Well, you got a lot of replies telling you not to, and I agree with them. Most things are turned on by default. IP forwarding certainly is, and AFAIK, cd burning is handled completely by the cd iokit driver, which is a kernel extension (src/live/IOCDStorageFamily in cvs).
>
> However, if you really want to do it, what you do is edit the xnu/*/conf/MASTER.ppc files (on ppc, obviously).
>
> By modifying the line RELEASE = [...] you can add and remove options. Of course, it's not completely obvious what options are available, you'll have to look around in the files in the conf/ directories to find out.