Re: Disabling module loading with a module?

fvw (fvw@chello.nl)
Tue, 17 Aug 1999 22:55:49 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Xavier Leclercq: "Threads and processes"
Previous message: Steve Dodd: "Re: Disabling module loading with a module?"
Maybe in reply to: fvw: "Disabling module loading with a module?"
Next in thread: fvw: "Re: Disabling module loading with a module?"

On Tue, 17 Aug 1999, Horst von Brand wrote:
> fvw <fvw@chello.nl> said:
> > On Tue, 17 Aug 1999, Jones D (ISaCS) wrote:
> > > Sorry, I fail to see the connection between kernel modules and
> > > trusted networks.
>
> > Kernel modules can hide evidence of a crack, thus allowing crackers to
> > penetrate further into the network.
>
> So can a dozen other methods. If you got root, you've the run of the system
> anyway. The _only_ way to go around that is to have a printer connected and
> send all syslog there.
No, not really. Therer are two options:
1) Modify binaries. So loading binaries from a cdrom will defeat this.
2) Make everything all other users see a simulation. This simply not possible
because there aren't enough system resources. (At least not to do it
convincingly).

Frank v Waveren fvw@chello.nl ICQ# 10074100

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Xavier Leclercq: "Threads and processes"
Previous message: Steve Dodd: "Re: Disabling module loading with a module?"
Maybe in reply to: fvw: "Disabling module loading with a module?"
Next in thread: fvw: "Re: Disabling module loading with a module?"