[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: from / to /usr/: a summary

On Dec 26, Russell Coker <russell@coker.com.au> wrote:

> For many of the things that can be done by loading a kernel module an attacker 
> can achieve similar goals by replacing libc or by using ptrace to install 
> hostile code in a long-running process that runs as root.
Or load code in the kernel using /dev/mem, preventing loading modules 
only stops simple attacks.

> For 
> example it would be good to be able to white list the currently loaded modules 
> (and optionally remove some from the white-list for hardware that is installed 
> but never used) and then make a small white-list for the USB devices that are 
> suitable for use.
You can easily do this with a udev rules file.


Attachment: signature.asc
Description: Digital signature

Reply to: