RE: Review: sect. 4.16.2 of the Securing Debian manual

To: debian-security@lists.debian.org
Subject: RE: Review: sect. 4.16.2 of the Securing Debian manual
From: "Jones, Steven" <sjones08@eds.com>
Date: Fri, 14 Mar 2003 20:25:17 +1300
Message-id: <[🔎] 3CE8E66CCD5A9E44A31436D8774C89E901111DE5@nzlsm201.nz.eds.com>

I currently spend a lot of time hardening boxes, is this discussion based on
the released doc I can get off the debian web site? or a new draft?

Steven

-----Original Message-----
From: Peter Cordes [mailto:peter@llama.nslug.ns.ca]
Sent: Friday, 14 March 2003 7:41 
To: debian-security@lists.debian.org
Subject: Re: Review: sect. 4.16.2 of the Securing Debian manual

On Thu, Mar 13, 2003 at 10:22:19PM +1100, Frederic Schutz wrote:
> Does it answer your questions or did I miss a real loophole in the
> strategy that I described ?

 If an attacker gets root and loads a kernel module, that module could
restore the immutable capability.  You'd have to disable loadable modules
for that to be bulletproof.  (unless the commonly used rootkits already do
this, it would slow down an attacker and cause them to make more noise.)

-- 
#define X(x,y) x##y
Peter Cordes ;  e-mail: X(peter@llama.nslug. , ns.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BC

-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org

Reply to:

Prev by Date: Re: Review: sect. 4.16.2 of the Securing Debian manual
Next by Date: Re: Protection against http tunneling (was: HTTP tunnel with linux server and windows client)
Previous by thread: Re: Review: sect. 4.16.2 of the Securing Debian manual
Next by thread: Stupid package installer wanted: uppity robots need not apply
Index(es):
- Date
- Thread