Re: down to the core

To: Arnt Karlsen <arnt@c2i.net>, debian-firewall@lists.debian.org
Subject: Re: down to the core
From: Mike Mestnik <cheako911@yahoo.com>
Date: Thu, 29 Jul 2004 08:19:24 -0700 (PDT)
Message-id: <[🔎] 20040729151924.16363.qmail@web11908.mail.yahoo.com>
In-reply-to: <[🔎] 20040729143642.57dd997f.arnt@c2i.net>

--- ArArntaKarlsenararnt2i.net> wrote:

> On Wed, 28 Jul 2004 09:28:55 -0700 (PDT), Mike wrote in message 
> <20040728162855.21881.qmqmaileb11904.mail.yahoo.com>:
> 
> > 
> > --- ArArntaKarlsenararnt2i.net> wrote:
> > 
> > > On Wed, 28 Jul 2004 13:10:46 +1000, Daniel wrote in message 
> > > <87pt6gogomhfsfsfnenkiirimspaceet>:
> > > 
> > > > One thing which will *not* enhance security, but is often claimed
> > > > to do so, is disabling kernel modules.  Even if you don't use
> > > > them, an attacker with root privileges can still insert code into
> > > > the running kernel successfully, with the same result as loading a
> > > > kernel module.
> > > 
> > > ..this would requires the presence of the loadable module, 
> > > or _could_ the attacker provide it?
> > > 
> > You need root totodoodule loading.  With root you can also change
> > kernel memory, so yes you could force a module to load.  It would be
> > simpler just to add the missing code you need to the running kernel
> > and then link it in.  None the less if you have root access the only
> > reason you might need to load any kernel side code is for DMDMAr
> > hahandelingWHWninterupts Since it's unlikely that an attacker would
> > need or even care to do these things the point is moot.  BoBottomeine
> > is if an attacker gets root it's ALL over, they can install any
> > software ththayight need.
> 
> ..so basically, this boils down to whether or not it is 
> possible to grab root with some kinda nenetcattunt.
> 
Correct.  As I remember you where running mail on port 25, it may be
popossibleo kill the mailer and then hack on a closed port 25.  If your
asking if having another port open will be more of a security risk, then
prprobablyot.  The security risk comes in when you acactuallytart running
the server.  Harden your system from prprivilegescalation hahacksthen
**when** a server is compromised the effect is miminimal


		
__________________________________
Do you Yahoo!?
Take Yahoo! Mail with you! Get it on your mobile phone.
http://mobile.yahoo.com/maildemo

Reply to:

Follow-Ups:
- Re: down to the core
  - From: Arnt Karlsen <arnt@c2i.net>

References:
- Re: down to the core
  - From: Arnt Karlsen <arnt@c2i.net>

Prev by Date: Re: down to the core
Next by Date: Re: down to the core
Previous by thread: Re: down to the core
Next by thread: Re: down to the core
Index(es):
- Date
- Thread