
Re: down to the core



--- Arnt Karlsen <arnt@c2i.net> wrote:

> On Wed, 28 Jul 2004 13:10:46 +1000, Daniel wrote in message 
> <87pt6gomh5.fsf@enki.rimspace.net>:
> 
> > One thing which will *not* enhance security, but is often claimed to
> > do so, is disabling kernel modules.  Even if you don't use them, an
> > attacker with root privileges can still insert code into the running
> > kernel successfully, with the same result as loading a kernel module.
> 
> ..this would require the presence of the loadable module, 
> or _could_ the attacker provide it?
> 
You need root to do module loading.  With root you can also change kernel
memory, so yes you could force a module to load.  It would be simpler just
to add the missing code you need to the running kernel and then link it
in.  Nonetheless, if you have root access the only reason you might need
to load any kernel-side code is for DMA or handling HW interrupts.  Since
it's unlikely that an attacker would need or even care to do these things,
the point is moot.  Bottom line is if an attacker gets root it's ALL
over; they can install any software they might need.

> -- 
> ..med vennlig hilsen = with Kind Regards from Arnt... ;-)
> ...with a number of polar bear hunters in his ancestry...
>   Scenarios always come in sets of three: 
>   best case, worst case, and just in case.
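An added example, not part of the original message: a defender's check for the situation discussed above, where module loading is switched off but root can still reach kernel memory through the raw memory devices. It goes beyond the thread by also reading the modules_disabled sysctl and the kernel lockdown state, which are Linux kernel interfaces the posters do not mention; the function names and the optional root-prefix argument are assumptions made for the example.

```shell
# Added example (not from the thread). Assumption: the optional first
# argument is a root prefix, so the check can run against a constructed tree.

# Print "name=state" for each root-to-kernel path on the system under $1.
kernel_write_paths() {
    root="${1:-}"
    f="$root/proc/sys/kernel/modules_disabled"
    if [ ! -e "$root/proc/modules" ]; then
        echo "module_loading=closed"   # kernel built without module support
    elif [ -r "$f" ] && [ "$(cat "$f")" = "1" ]; then
        echo "module_loading=closed"   # sysctl latched until reboot
    else
        echo "module_loading=open"
    fi
    # Raw memory devices: the route the reply describes for root.
    for dev in kmem mem; do
        if [ -e "$root/dev/$dev" ]; then
            echo "dev_$dev=present"
        else
            echo "dev_$dev=absent"
        fi
    done
    # Kernel lockdown (where the kernel has it) blocks those devices too.
    f="$root/sys/kernel/security/lockdown"
    if [ ! -r "$f" ]; then
        echo "lockdown=unavailable"
    else
        case "$(cat "$f")" in
            *"[none]"*) echo "lockdown=off" ;;
            *)          echo "lockdown=on" ;;
        esac
    fi
}

# Exit 0 when modules are disabled but a memory device is still exposed
# with no lockdown: the configuration the thread says gains nothing.
modules_only_hardening() {
    report="$(kernel_write_paths "${1:-}")"
    echo "$report" | grep -q '^module_loading=closed$' || return 1
    echo "$report" | grep -q '^dev_.*=present$' || return 1
    echo "$report" | grep -q '^lockdown=on$' && return 1
    return 0
}

kernel_write_paths   # report for the live system
```

A present /dev/mem node does not by itself mean kernel memory is writable, since some kernels restrict what can be accessed through it; treat "present" as a prompt to check further.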