On Tue, Apr 01, 2003 at 01:57:10PM -0500, Phillip Hofmeister wrote:
> Assuming an intruder made his way in with root privs couldn't he also
> modify /dev/kmem or directly access the kernel memory by some other
> means?  I beleive this topic has also been discussed in the past (dig
> deep into the archives) and it was concluded that not allowing modules
> to be loaded does not really protect you from your kernel being
> modified at run-time.

You have to use grsec to close the others up. A
"grey hat" friend of mine noted that a rootkit module
was his favorite hack when he was in that line of work.

-- 
------------------------------------------------------
       IN MY NAME:            Dale Amon, CEO/MD
  No Mushroom clouds over     Islandone Society
    London and New York.      www.islandone.org
------------------------------------------------------


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to