Re: from / to /usr/: a summary
On Sun, Dec 25, 2011 at 12:08:57PM +0000, Philipp Kern wrote:
> On 2011-12-25, Stephan Seitz <stse+debian@fsing.rootsland.net> wrote:
> > All admins I know have at least some servers with custom kernels (in the
> > past it was said, to build your firewall/server kernels without module
> > support, so that no rootkit module could be loaded).
>
> No longer needed. See /proc/sys/kernel/modules_disabled.
That's not equivalent - an attacker that can load modules can also
remove the init script that sets this variable to 1 and reboot the
machine.
For proper safeguarding you still want no module support in the kernel
at all.
regards,
iustin
Reply to: