Re: Disabling module loading with a module?

fvw (fvw@chello.nl)
Tue, 17 Aug 1999 15:09:39 +0200

On Tue, 17 Aug 1999, Helge Hafting wrote:
> Of course it is possible disabling module loading, put
> an if-test in the place where modules are loaded, and have your
> disabling module set the tested variable.
>
> Turning module loading on again would need different means - as you
> won't be able to load a turn-on module while loading is disabled.
>
> You don't need a special module to do this though. Modules are
> loaded using the insmod/modprobe program. The root user may easily
> stop module operations by turning off the executable bit
> for this program. The kernel would then be unable to run it.
> All you need is "chmod oug-x /sbin/modprobe"

I might have been a bit unclear with the reason I would (Theoretically, my
systems are exactly fortressess anyway) want to do this. It is meant as a way
to hinder methods to cover up a system has been cracked. What made me think
about this was the story about the internet auditing project of wich one of the
hosts was cracked, and it was very cunningly disguised by loading a kernel
module which hides a number of running processes etc. A cracker could easily
reverse the permissions on modprobe, or upload his/her (well, face it: his)
version of modprobe.

--


			Frank v Waveren
			fvw@chello.nl
			ICQ# 10074100


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/