modules

Ian Molton spyro at f2s.com
Tue Jan 6 14:58:32 PST 2004


On Tue, 06 Jan 2004 16:14:11 -0500
Robert Connolly <cendres at videotron.ca> wrote:

> I forget where i read it too. Disabling kernel loadable modules
> minimizess functionality of the kernel, and makes it slightly harder
> for an attacker to inject code.

Might want to remove /dev/kmem then.

but we've been here before... to insert code into the kernel you MUST BE
ROOT ALREADY. 

There is no other way that wouldnt be exploitable as any user in any
case.

I really dont see the point in trying to defend against someone who
already has root. what more could they want? in many cases they could
simply replace the kernel and issue a reboot!

-- 
Spyros lair: http://www.mnementh.co.uk/   ||||   Maintainer: arm26 linux

Do not meddle in the affairs of Dragons, for you are tasty and good with
ketchup.



More information about the hlfs-dev mailing list