
Re: down to the core



On Thu, 29 Jul 2004 08:19:24 -0700 (PDT), Mike wrote in message 
<20040729151924.16363.qmail@web11908.mail.yahoo.com>:

> --- Arnt Karlsen <arnt@c2i.net> wrote:
> 
> > On Wed, 28 Jul 2004 09:28:55 -0700 (PDT), Mike wrote in message 
> > <20040728162855.21881.qmail@web11904.mail.yahoo.com>:
> > 
> > > 
> > > --- Arnt Karlsen <arnt@c2i.net> wrote:
> > > 
> > > > On Wed, 28 Jul 2004 13:10:46 +1000, Daniel wrote in message 
> > > > <87pt6gogomhfsfsfnenkiirimspaceet>:
> > > > 
> > > > > One thing which will *not* enhance security, but is often
> > > > > claimed to do so, is disabling kernel modules.  Even if you
> > > > > don't use them, an attacker with root privileges can still
> > > > > insert code into the running kernel successfully, with the
> > > > > same result as loading a kernel module.
> > > > 
> > > > ..this would require the presence of the loadable module, 
> > > > or _could_ the attacker provide it?
> > > > 
> > > You need root to do module loading.  With root you can also change
> > > kernel memory, so yes you could force a module to load.  It would
> > > be simpler just to add the missing code you need to the running
> > > kernel and then link it in.  Nonetheless if you have root access
> > > the only reason you might need to load any kernel side code is for
> > > DMA or handling HW interrupts.  Since it's unlikely that an
> > > attacker would need or even care to do these things the point is
> > > moot.  Bottom line is if an attacker gets root it's ALL over,
> > > they can install any software they might need.
> > 
> > ..so basically, this boils down to whether or not it is 
> > possible to grab root with some kinda netcat stunt.
> > 
> Correct.  As I remember you were running mail on port 25, it may be

..me?  You find anything port 25 on my fw box, I'd like to know.  ;-)

> possible to kill the mailer and then hack on a closed port 25.  If
> you're asking if having another port open will be more of a security
> risk, then probably not.  The security risk comes in when you
> actually start running the server.  Harden your system from
> privilege escalation hacks, then **when** a server is compromised the
> effect is minimal.

-- 
..med vennlig hilsen = with Kind Regards from Arnt... ;-)
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.



