Re: Kernel security advice
On Sat, 19 Feb 2005 email@example.com wrote:
> On Fri, Feb 18, 2005 at 08:06:59PM -0500, Michael Stone wrote:
> > On Sat, Feb 19, 2005 at 09:42:48AM +1100, firstname.lastname@example.org wrote:
> > >yes - and I have been the victim of one of these (the 'suckit' rootkit).
> > >But at least using non-modular kernels prevents one class of attacks...
> > Sure. At a fairly high cost in administrative overhead you can prevent
> > one fairly narrow category of attack (one which I've seen fail in the
> > field a *lot* because the kiddies run into problems of compatibility
> > between kernel versions). I have yet to see a convincing argument that
> > the dubious benefit justifies the cost.
> why, in particular, do you consider it to be a 'fairly high cost in
> administrative overhead'?
from my view ... of michael's comment:
i think "high costs" is: "how do i make my own custom kernel part of the
security tasks" ?? ( way, way too many people/corp run generic distro
kernels and then complain later they've been [cr/h]acked )
if one knows how to make a kernel, it's 5 minutes to config and install it,
and otherwise, it can be 5hrs or 5 days for a newbie to make their own
custom kernel ??
removing kernel modules makes the problem more fun
protecting the kernel from exploits is one very small piece of the
security pie, of which the kernel modules are of dubious benefits in
fun stuff ..
- for now, i'm spending my nickel/time on sniffing which i think is a
bigger problem than kernel modules and trying to detect the sniffers