Robert Connolly cendres at
Tue Jan 6 13:55:20 PST 2004

On January 6, 2004 04:22 pm, ken_i_m at wrote:
> On Tue, Jan 06, 2004 at 03:05:21PM -0600, Amanda Lynn Rossmiller 
(sleepynyago at wrote:
> > i remember reading somewhere that kernel modules'
> > use should be discouraged in a secure system...
> As I recall the argument, someone could load a module that would allow
> them to do whatever they wanted.  However, to do this the attacker
> needs root and as Cox pointed out if such an attack could be successful
> one's problems are much greater then loadable modules.  A case of closing
> the barn door after the horses have already gone to town.

You could modify insmod as part of an intrusion detection system. I think this 
is something a rootkit might try to use. But as stated above, its too late by 
then, and the attacker doesn't nessesarily have to use your insmod.

More information about the hlfs-dev mailing list