
Re: from / to /usr/: a summary



On Sun, Dec 25, 2011 at 12:08:57PM +0000, Philipp Kern wrote:
> On 2011-12-25, Stephan Seitz <stse+debian@fsing.rootsland.net> wrote:
> > All admins I know have at least some servers with custom kernels (in the
> > past it was said, to build your firewall/server kernels without module
> > support, so that no rootkit module could be loaded).
> 
> No longer needed.  See /proc/sys/kernel/modules_disabled.

That's not equivalent - an attacker that can load modules can also
remove the init script that sets this variable to 1 and reboot the
machine.

For proper safeguarding you still want no module support in the kernel
at all.

regards,
iustin
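
The distinction drawn in this message, as an added example that is not part of the original email: a shell function that tells a kernel built without module support apart from one that only has `modules_disabled` set at runtime. The `ROOT` prefix argument and the result labels are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: classify a host's kernel-module posture from procfs.
# module_posture [ROOT] prints one of:
#   compiled-out    kernel built without CONFIG_MODULES (no module loader)
#   runtime-locked  modules_disabled=1 right now; the value comes from
#                   boot-time configuration, so it lasts only until a
#                   reboot with that configuration changed
#   loadable        module loading is currently possible
#   unknown         procfs is not mounted under ROOT, nothing can be concluded
# ROOT is a hypothetical prefix so the function can be pointed at a
# constructed directory tree; it defaults to the live system.
module_posture() {
    root="${1:-}"
    proc="$root/proc"

    # Without a mounted procfs, missing files prove nothing.
    if [ ! -r "$proc/sys/kernel/ostype" ]; then
        echo unknown
        return 0
    fi

    # Both entries exist only when the kernel was built with CONFIG_MODULES=y.
    if [ ! -e "$proc/modules" ] && [ ! -e "$proc/sys/kernel/modules_disabled" ]; then
        echo compiled-out
        return 0
    fi

    # Module support is present; read the runtime switch (absent means 0).
    val=$(cat "$proc/sys/kernel/modules_disabled" 2>/dev/null || echo 0)
    if [ "$val" = "1" ]; then
        echo runtime-locked
    else
        echo loadable
    fi
}
```

Call `module_posture` with no argument to inspect the running system; a `runtime-locked` result should be read together with integrity monitoring of whatever boot script or sysctl file sets the value.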

