Re: from / to /usr/: a summary

To: debian-devel@lists.debian.org
Cc: debian-devel@lists.debian.org
Subject: Re: from / to /usr/: a summary
From: md@Linux.IT (Marco d'Itri)
Date: Mon, 26 Dec 2011 15:51:01 +0100
Message-id: <[🔎] 20111226145101.GA27479@bongo.bofh.it>
In-reply-to: <[🔎] 201112270015.47265.russell@coker.com.au>
References: <[🔎] 87zkei197p.fsf@poker.hands.com> <[🔎] slrnjfe4ip.t6i.trash@kelgar.0x539.de> <[🔎] 20111226103810.GA1338@teal.hq.k1024.org> <[🔎] 201112270015.47265.russell@coker.com.au>

On Dec 26, Russell Coker <russell@coker.com.au> wrote:

> For many of the things that can be done by loading a kernel module an attacker 
> can achieve similar goals by replacing libc or by using ptrace to install 
> hostile code in a long-running process that runs as root.
Or load code in the kernel using /dev/mem, preventing loading modules 
only stops simple attacks.

> For 
> example it would be good to be able to white list the currently loaded modules 
> (and optionally remove some from the white-list for hardware that is installed 
> but never used) and then make a small white-list for the USB devices that are 
> suitable for use.
You can easily do this with a udev rules file.

-- 
ciao,
Marco

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- Re: from / to /usr/: a summary
  - From: Philip Hands <phil@hands.com>
- Re: from / to /usr/: a summary
  - From: Philipp Kern <trash@philkern.de>
- Re: from / to /usr/: a summary
  - From: Iustin Pop <iustin@debian.org>
- Re: from / to /usr/: a summary
  - From: Russell Coker <russell@coker.com.au>

Prev by Date: Re: from / to /usr/: a summary
Next by Date: Re: from / to /usr/: a summary
Previous by thread: Re: from / to /usr/: a summary
Next by thread: Re: from / to /usr/: a summary
Index(es):
- Date
- Thread