Re: Linux firewall question.
Hello,
> > I don't know of any exploitable-by-non-root-users holes in Linux's
> > kernel module loading. If you've let the intruder get root on your
> > firewall you're already so badly hosed that I don't think the existence
> > of dynamically loadable kernel modules is going to leave you much worse
> > off.
>
> I wondered if this had ever happened vs. theoretical concern....anybody
> have an instance to share?
Well, all I know is, that we should eigter:
a) avoid root-process on the running system (priveleges)
b) make it impossible even for root to compromise the system permanently
(securelevel)
Greetings
Bernd
--
(OO) -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
( .. ) ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
o--o *plush* 2048/93600EFD eckes@irc +497257930613 BE5-RIPE
(O____O) If privacy is outlawed only Outlaws have privacy
--
E-mail the word "unsubscribe" to debian-firewall-request@lists.debian.org
TO UNSUBSCRIBE FROM THIS MAILING LIST. Trouble? E-mail to listmaster@debian.org .
Reply to: