Re: Disabling Promisc mode,
Olaf Titz (olaf@bigred.inka.de)
Thu, 28 May 1998 11:57:49 +0200
> > This is impossible through software. If a user gains root
> > access, and if the NIC has a promiscuous mode which is software
> > selectable, then that user can put the NIC into promiscuous mode.
> > Proof is left as an Exercise for the Reader.
> I think the idea is to disable this mode within the kernel and
> not leave the kernel source laying around within the machine. That
> way, even root can't get raw promiscous packets.
Then root writes a small C program that does the necessary I/O
operations from user space. That's the "Proof left..." part.
This could perhaps be disabled by securelevel settings, but not for
ordinary Un*xoid operations.
olaf
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu