Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

To: debian-security@lists.debian.org
Subject: Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]
From: Dale Amon <amon@vnl.com>
Date: Wed, 2 Apr 2003 03:41:36 +0100
Message-id: <[🔎] 20030402024136.GA18489@vnl.com>
In-reply-to: <[🔎] 20030401185710.GB14553@zionlth.org>
References: <3E883C67.3020807@simicro-internet.mg> <20030331134931.GA7092@mood.ritram.it> <[🔎] 3E89761A.60609@simicro-internet.mg> <[🔎] 20030401133615.GA17185@mood.ritram.it> <[🔎] 20030401133017.GA28537@vnl.com> <[🔎] 20030401165306.GA2958@melina.ds14.agh.edu.pl> <[🔎] 20030401174928.GA16302@moskovskaya> <[🔎] 20030401185710.GB14553@zionlth.org>

On Tue, Apr 01, 2003 at 01:57:10PM -0500, Phillip Hofmeister wrote:
> Assuming an intruder made his way in with root privs couldn't he also
> modify /dev/kmem or directly access the kernel memory by some other
> means?  I beleive this topic has also been discussed in the past (dig
> deep into the archives) and it was concluded that not allowing modules
> to be loaded does not really protect you from your kernel being
> modified at run-time.

You have to use grsec to close the others up. A
"grey hat" friend of mine noted that a rootkit module
was his favorite hack when he was in that line of work.

-- 
------------------------------------------------------
       IN MY NAME:            Dale Amon, CEO/MD
  No Mushroom clouds over     Islandone Society
    London and New York.      www.islandone.org
------------------------------------------------------

Reply to:

References:
- Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]
  - From: DouRiX <dourix-tech@simicro-internet.mg>
- Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]
  - From: Maurizio Lemmo - Tannoiser <mizio@tenzione.it>
- Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]
  - From: Dale Amon <amon@vnl.com>
- Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]
  - From: Marcin Owsiany <porridge@debian.org>
- Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]
  - From: David Barroso <tomac@somoslopeor.com>
- Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]
  - From: Phillip Hofmeister <plhofmei@zionlth.org>

Prev by Date: Re: smtp auth
Next by Date: Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]
Previous by thread: Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]
Next by thread: Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]
Index(es):
- Date
- Thread