> The attack would have gained root. He could 'exec rm -rf /' or fdisk,
> or 'cat /dev/random > /dev/sda', or _anything_ else.
No. Go read the securelevel code in 2.0. The highest securelevel (3,
I think) bans writes to block devices. I think that it also blocks
mount calls, so read-only filesystems would be protected, too.
> Disabling modules interface won't stop bad people doing bad things.
No. Examine securelevels or the capability stuff (esp. the securelevel-
like bounding set) in 2.2+. root's power can be constrained. It _does_
stop people doing bad things.
> It will just stop good people doing anything productive.
> Time would be better spent improving security elsewhere.
Why? If I can disable module loading, promiscuous network operation and
a few nasty filesystem things _even for root_ then the risk to my network
of a compromised machine is greatly reduced.
> Instead of thinking of ways to stop people doing things when they get in,
> stop them getting in in the first place..
Following that argument, perhaps I should run Apache as root? Oracle?
Matthew.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/