Ville Herva <vherva@niksula.hut.fi> writes:
> On Wed, Oct 23, 2002 at 11:15:14PM +0100, you [James Stevenson] wrote:
> >
> > As to load a module you must be root and if you are root you
> > can read / write disks. Thus you could recompile your own kernel
> > install it try to force a crash or a reboot which is not hard as root
> > and the person may not even notice that the kernel has grown by a few
> > bytes after the crash.
>
> Which is why some people configure kernels not to support installing modules
> and only use read-only media (e.g. CD-R) for booting. Sure, there's still
> the /dev/kmem hole, but this closes 2 classes of attacks - loading rootkit
> module and booting with a hacked kernel in straight-forward way.
>
> BTW, this might be a reason to make kexec syscall to be a config option (if
> it isn't already.)
It already is a config option.
Eric
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Thu Oct 31 2002 - 22:00:23 EST