[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: down to the core

On Wed, 28 Jul 2004 09:28:55 -0700 (PDT), Mike wrote in message 

> --- Arnt Karlsen <arnt@c2i.net> wrote:
> > On Wed, 28 Jul 2004 13:10:46 +1000, Daniel wrote in message 
> > <87pt6gomh5.fsf@enki.rimspace.net>:
> > 
> > > One thing which will *not* enhance security, but is often claimed
> > > to do so, is disabling kernel modules.  Even if you don't use
> > > them, an attacker with root privileges can still insert code into
> > > the running kernel successfully, with the same result as loading a
> > > kernel module.
> > 
> > ..this would requires the presence of the loadable module, 
> > or _could_ the attacker provide it?
> > 
> You need root todo module loading.  With root you can also change
> kernel memory, so yes you could force a module to load.  It would be
> simpler just to add the missing code you need to the running kernel
> and then link it in.  None the less if you have root access the only
> reason you might need to load any kernel side code is for DMA or
> handeling HW interupts.  Since it's unlikely that an attacker would
> need or even care to do these things the point is moot.  Bottome line
> is if an attacker gets root it's ALL over, they can install any
> software thay might need.

..so basically, this boils down to whether or not it is 
possible to grab root with some kinda netcat stunt.

..med vennlig hilsen = with Kind Regards from Arnt... ;-)
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.

Reply to: