cendres at videotron.ca
Tue Jan 6 13:55:20 PST 2004
On January 6, 2004 04:22 pm, ken_i_m at elegantinnovations.net wrote:
> On Tue, Jan 06, 2004 at 03:05:21PM -0600, Amanda Lynn Rossmiller
(sleepynyago at mchsi.com) wrote:
> > i remember reading somewhere that kernel modules'
> > use should be discouraged in a secure system...
> As I recall the argument, someone could load a module that would allow
> them to do whatever they wanted. However, to do this the attacker
> needs root and as Cox pointed out if such an attack could be successful
> one's problems are much greater then loadable modules. A case of closing
> the barn door after the horses have already gone to town.
You could modify insmod as part of an intrusion detection system. I think this
is something a rootkit might try to use. But as stated above, its too late by
then, and the attacker doesn't nessesarily have to use your insmod.
More information about the hlfs-dev