Re: A question about Knark and modules

To: Ethan Benson <erbenson@alaska.net>
Cc: <debian-security@lists.debian.org>
Subject: Re: A question about Knark and modules
From: Juha Jäykkä <juolja@utu.fi>
Date: Sun, 17 Jun 2001 13:21:45 +0300 (EET DST)
Message-id: <[🔎] Pine.SOL.4.30.0106171318410.3687-100000@alya.utu.fi>
In-reply-to: <[🔎] 20010616170020.L25820@plato.local.lan>

> lcap CAP_SYS_MODULE CAP_SYS_RAWIO
> which will disable module loading entirely as well as access to
> /dev/mem (which can be just as dangerous as a kernel module and would
> bypass your signed module thing nicely).

  Which means: so long, X. I have a workstation and using X in,
naturally, necessary (in fact, it is paramount since 3D rendering
without Xfree4's opengl is horrible). Thus this option is out. How
about compiling the kernel without module support in the first place?
The problem of /dev/mem would remain, but if the kernel does not know
about modules, is it a problem?

-- 
		 -----------------------------------------------
		| Juha Jäykkä, juolja@utu.fi			|
		| home: http://www.utu.fi/~juolja/		|
		 -----------------------------------------------

Reply to:

Follow-Ups:
- Re: A question about Knark and modules
  - From: Ethan Benson <erbenson@alaska.net>

References:
- Re: A question about Knark and modules
  - From: Ethan Benson <erbenson@alaska.net>

Prev by Date: Re: A question about Knark and modules
Next by Date: Re: A question about Knark and modules
Previous by thread: Re: A question about Knark and modules
Next by thread: Re: A question about Knark and modules
Index(es):
- Date
- Thread