Re: another kconfig target for building monolithic kernel (for security) ?

From: Dave Jones
Date: Sat Apr 29 2006 - 12:43:34 EST

Next message: devzero: "Re: another kconfig target for building monolithic kernel (for security) ?"
Previous message: Sergey Vlasov: "Re: [patch 03/24] make vm86 call audit_syscall_exit"
In reply to: devzero: "another kconfig target for building monolithic kernel (for security) ?"
Next in thread: Arjan van de Ven: "Re: another kconfig target for building monolithic kernel (forsecurity) ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Apr 29, 2006 at 03:03:55PM +0200, devzero@xxxxxx wrote:

> i want to harden a linux system (dedicated root server on the internet) by recompiling the kernel without support for lkm (to prevent installation of lkm based rootkits etc)

Loading modules via /dev/kmem is trivial thanks to a bunch of tutorials and
examples on the web, so this alone doesn't make life that much more difficult for attackers.

Dave

--
http://www.codemonkey.org.uk
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: devzero: "Re: another kconfig target for building monolithic kernel (for security) ?"
Previous message: Sergey Vlasov: "Re: [patch 03/24] make vm86 call audit_syscall_exit"
In reply to: devzero: "another kconfig target for building monolithic kernel (for security) ?"
Next in thread: Arjan van de Ven: "Re: another kconfig target for building monolithic kernel (forsecurity) ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]