On Tue, Apr 01, 2003 at 01:57:10PM -0500, Phillip Hofmeister wrote:
> Assuming an intruder made his way in with root privs couldn't he also
> modify /dev/kmem or directly access the kernel memory by some other
> means? I believe this topic has also been discussed in the past (dig
> deep into the archives) and it was concluded that not allowing modules
> to be loaded does not really protect you from your kernel being
> modified at run-time.

You have to use grsec to close the others up. A "grey hat" friend of
mine noted that a rootkit module was his favorite hack when he was in
that line of work.

-- 
------------------------------------------------------
   IN MY NAME:              Dale Amon, CEO/MD
   No Mushroom clouds over  Islandone Society
   London and New York.     www.islandone.org
------------------------------------------------------