On Tue, Apr 01, 2003 at 01:57:10PM -0500, Phillip Hofmeister wrote:
> Assuming an intruder made his way in with root privs couldn't he also
> modify /dev/kmem or directly access the kernel memory by some other
> means? I beleive this topic has also been discussed in the past (dig
> deep into the archives) and it was concluded that not allowing modules
> to be loaded does not really protect you from your kernel being
> modified at run-time.
You have to use grsec to close the others up. A
"grey hat" friend of mine noted that a rootkit module
was his favorite hack when he was in that line of work.
--
------------------------------------------------------
IN MY NAME: Dale Amon, CEO/MD
No Mushroom clouds over Islandone Society
London and New York. www.islandone.org
------------------------------------------------------
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
