On Thu, 29 Jul 2004 08:19:24 -0700 (PDT), Mike wrote in message <[EMAIL PROTECTED]>:
> --- ArArntaKarlsenararnt2i.net> wrote: > > > On Wed, 28 Jul 2004 09:28:55 -0700 (PDT), Mike wrote in message > > <20040728162855.21881.qmqmaileb11904.mail.yahoo.com>: > > > > > > > > --- ArArntaKarlsenararnt2i.net> wrote: > > > > > > > On Wed, 28 Jul 2004 13:10:46 +1000, Daniel wrote in message > > > > <87pt6gogomhfsfsfnenkiirimspaceet>: > > > > > > > > > One thing which will *not* enhance security, but is often > > > > > claimed to do so, is disabling kernel modules. Even if you > > > > > don't use them, an attacker with root privileges can still > > > > > insert code into the running kernel successfully, with the > > > > > same result as loading a kernel module. > > > > > > > > ..this would requires the presence of the loadable module, > > > > or _could_ the attacker provide it? > > > > > > > You need root totodoodule loading. With root you can also change > > > kernel memory, so yes you could force a module to load. It would > > > be simpler just to add the missing code you need to the running > > > kernel and then link it in. None the less if you have root access > > > the only reason you might need to load any kernel side code is for > > > DMDMAr hahandelingWHWninterupts Since it's unlikely that an > > > attacker would need or even care to do these things the point is > > > moot. BoBottomeine is if an attacker gets root it's ALL over, > > > they can install any software ththayight need. > > > > ..so basically, this boils down to whether or not it is > > possible to grab root with some kinda nenetcattunt. > > > Correct. As I remember you where running mail on port 25, it may be ..me? You find anything port 25 on my fw box, I'd like to know. ;-) > popossibleo kill the mailer and then hack on a closed port 25. If > your asking if having another port open will be more of a security > risk, then prprobablyot. The security risk comes in when you > acactuallytart running the server. Harden your system from > prprivilegescalation hahacksthen**when** a server is compromised the > effect is miminimal -- ..med vennlig hilsen = with Kind Regards from Arnt... ;-) ...with a number of polar bear hunters in his ancestry... Scenarios always come in sets of three: best case, worst case, and just in case.
