Re: Linux firewall question.

To: Bernd Eckenfels <ecki@lina.inka.de>
Cc: firewalls@greatcircle.com, debian-firewall@lists.debian.org
Subject: Re: Linux firewall question.
From: Bernd Eckenfels <lists@lina.inka.de>
Date: Fri, 6 Mar 1998 23:19:16 +0100
Message-id: <19980306231916.12289@lina>
In-reply-to: <Pine.LNX.3.95.980306073024.1682V-100000@barney.iamerica.net>; from Henry Hollenberg on Fri, Mar 06, 1998 at 07:46:11AM -0600
References: <199803061224.AA09119@waltz.rahul.net> <Pine.LNX.3.95.980306073024.1682V-100000@barney.iamerica.net>

Hello,

> > I don't know of any exploitable-by-non-root-users holes in Linux's
> > kernel module loading. If you've let the intruder get root on your
> > firewall you're already so badly hosed that I don't think the existence
> > of dynamically loadable kernel modules is going to leave you much worse
> > off.
> 
> I wondered if this had ever happened vs. theoretical concern....anybody
> have an instance to share?

Well, all I know is, that we should eigter:

a) avoid root-process on the running system (priveleges)
b) make it impossible even for root to compromise the system permanently
  (securelevel)


Greetings
Bernd
-- 
  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)       If privacy is outlawed only Outlaws have privacy


--
E-mail the word "unsubscribe" to debian-firewall-request@lists.debian.org
TO UNSUBSCRIBE FROM THIS MAILING LIST. Trouble?  E-mail to listmaster@debian.org .

Reply to:

Prev by Date: Upload of libcrack
Next by Date: Re: Start up scripts
Previous by thread: Re: Linux firewall question.
Next by thread: Re: Linux Encrypted VPN
Index(es):
- Date
- Thread