Re: down to the core
On Thu, 29 Jul 2004 08:19:24 -0700 (PDT), Mike wrote in message
> --- Arnt Karlsen wrote:
> > On Wed, 28 Jul 2004 09:28:55 -0700 (PDT), Mike wrote in message
> > <20040728162855.21881.qmqmaileb11904.mail.yahoo.com>:
> > >
> > > --- Arnt Karlsen wrote:
> > >
> > > > On Wed, 28 Jul 2004 13:10:46 +1000, Daniel wrote in message
> > > > <87pt6gogomhfsfsfnenkiirimspaceet>:
> > > >
> > > > > One thing which will *not* enhance security, but is often
> > > > > claimed to do so, is disabling kernel modules. Even if you
> > > > > don't use them, an attacker with root privileges can still
> > > > > insert code into the running kernel successfully, with the
> > > > > same result as loading a kernel module.
> > > >
> > > > ..this would require the presence of the loadable module,
> > > > or _could_ the attacker provide it?
> > > >
> > > You need root to do module loading. With root you can also change
> > > kernel memory, so yes you could force a module to load. It would
> > > be simpler just to add the missing code you need to the running
> > > kernel and then link it in. Nonetheless, if you have root access
> > > the only reason you might need to load any kernel side code is for
> > > DMA or handling HW interrupts. Since it's unlikely that an
> > > attacker would need or even care to do these things the point is
> > > moot. Bottom line is if an attacker gets root it's ALL over,
> > > they can install any software that they might need.
> > ..so basically, this boils down to whether or not it is
> > possible to grab root with some kinda netcat stunt.
> Correct. As I remember you were running mail on port 25, it may be
..me? You find anything port 25 on my fw box, I'd like to know. ;-)
> possible to kill the mailer and then hack on a closed port 25. If
> you're asking if having another port open will be more of a security
> risk, then probably not. The security risk comes in when you
> actually start running the server. Harden your system from
> privilege escalation hacks, then **when** a server is compromised the
> effect is minimal.
..med vennlig hilsen = with Kind Regards from Arnt... ;-)
...with a number of polar bear hunters in his ancestry...
Scenarios always come in sets of three:
best case, worst case, and just in case.