Re: Kernel security advice

To: debian-security@lists.debian.org
Subject: Re: Kernel security advice
From: Michael Stone <mstone@debian.org>
Date: Fri, 18 Feb 2005 20:06:59 -0500
Message-id: <[🔎] 20050219010659.GF26791@mathom.us>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 20050218224244.GO27881@cia.net.au>
References: <[🔎] 65195.68.121.162.198.1108698673.squirrel@68.121.162.198> <[🔎] 20050218060740.GL27881@cia.net.au> <[🔎] 20050218131128.GC26791@mathom.us> <[🔎] 20050218224244.GO27881@cia.net.au>

On Sat, Feb 19, 2005 at 09:42:48AM +1100, campbellm@cia.com.au wrote:

yes - and I have been the victim of one of these (the 'suckit' rootkit).
But at least using non-modular kernels prevents one class of attacks...


Sure. At a fairly high cost in administrative overhead you can prevent
one fairly narrow category of attack (one which I've seen fail in the
field a *lot* because the kiddies run into problems of compatability
between kernel versions). I have yet to see a convincing argument that
the dubious benefit justifies the cost.

Mike Stone

Reply to:

Follow-Ups:
- Re: Kernel security advice
  - From: campbellm@cia.com.au

References:
- Kernel security advice
  - From: "JM" <jmm19@humboldt.edu>
- Re: Kernel security advice
  - From: campbellm@cia.com.au
- Re: Kernel security advice
  - From: Michael Stone <mstone@debian.org>
- Re: Kernel security advice
  - From: campbellm@cia.com.au

Prev by Date: unsubscribe
Next by Date: Re: using sarge on production machines
Previous by thread: Re: Kernel security advice
Next by thread: Re: Kernel security advice
Index(es):
- Date
- Thread