Re: down to the core
On Wed, 28 Jul 2004 09:28:55 -0700 (PDT), Mike wrote in message
> --- Arnt Karlsen <email@example.com> wrote:
> > On Wed, 28 Jul 2004 13:10:46 +1000, Daniel wrote in message
> > <firstname.lastname@example.org>:
> > > One thing which will *not* enhance security, but is often claimed
> > > to do so, is disabling kernel modules. Even if you don't use
> > > them, an attacker with root privileges can still insert code into
> > > the running kernel successfully, with the same result as loading a
> > > kernel module.
> > ..this would require the presence of the loadable module,
> > or _could_ the attacker provide it?
> You need root to do module loading. With root you can also change
> kernel memory, so yes you could force a module to load. It would be
> simpler just to add the missing code you need to the running kernel
> and then link it in. Nonetheless if you have root access the only
> reason you might need to load any kernel side code is for DMA or
> handling HW interrupts. Since it's unlikely that an attacker would
> need or even care to do these things the point is moot. Bottom line
> is if an attacker gets root it's ALL over, they can install any
> software they might need.
..so basically, this boils down to whether or not it is
possible to grab root with some kinda netcat stunt.
..med vennlig hilsen = with Kind Regards from Arnt... ;-)
...with a number of polar bear hunters in his ancestry...
Scenarios always come in sets of three:
best case, worst case, and just in case.