Re: down to the core
--- Arnt Karlsen wrote:
> On Wed, 28 Jul 2004 09:28:55 -0700 (PDT), Mike wrote in message
> > --- Arnt Karlsen wrote:
> > > On Wed, 28 Jul 2004 13:10:46 +1000, Daniel wrote in message
> > > <87pt6gogomhfsfsfnenkiirimspaceet>:
> > >
> > > > One thing which will *not* enhance security, but is often claimed
> > > > to do so, is disabling kernel modules. Even if you don't use
> > > > them, an attacker with root privileges can still insert code into
> > > > the running kernel successfully, with the same result as loading a
> > > > kernel module.
> > >
> > > ..this would require the presence of the loadable module,
> > > or _could_ the attacker provide it?
> > >
> > You need root to do module loading. With root you can also change
> > kernel memory, so yes you could force a module to load. It would be
> > simpler just to add the missing code you need to the running kernel
> > and then link it in. None the less if you have root access the only
> > reason you might need to load any kernel side code is for DMA or
> > handling HW interrupts. Since it's unlikely that an attacker would
> > need or even care to do these things the point is moot. Bottom line
> > is if an attacker gets root it's ALL over, they can install any
> > software they might need.
> ..so basically, this boils down to whether or not it is
> possible to grab root with some kinda netcat stunt.
Correct. As I remember you were running mail on port 25, it may be
possible to kill the mailer and then hack on a closed port 25. If you're
asking if having another port open will be more of a security risk, then
probably not. The security risk comes in when you actually start running
the server. Harden your system from privilege escalation hacks, then
**when** a server is compromised the effect is minimal.