Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]
* Marcin Owsiany (porridge@debian.org) wrote:
> On Tue, Apr 01, 2003 at 02:30:17PM +0100, Dale Amon wrote:
> > On Tue, Apr 01, 2003 at 03:36:15PM +0200, Maurizio Lemmo - Tannoiser wrote:
> > > In a server enviroment, where there no need to load modules at run-time,
> > > could be a "usable workaorund", but, in a workstation machine, i don't
> > > think thats a great idea.
> >
> > In a server environment it is preferable not to
> > compile with modules at all.
>
> Why?
One reason is security:
it's relatively easy for an intruder to install a kernel module based
rootkit, and then hide her processes, files or connections.
Reply to: