Marko Randjelovic: > On Wed, 22 Jan 2014 12:24:27 +1100 > Russell Coker <russ...@coker.com.au> wrote: > >> The possibility of LSM hooks being used to hide a kernel rootkit is >> widely cited. But most sysadmins aren't going to find a kernel >> rootkit anyway so using a non-LSM security system for that reason is >> trading off the real benefit of being able to save time and effort >> in maintaining systems for the probably impossible theoretical >> benefit of not using LSM. > > If I cannot prove there is a rootkit, then I cannot be sure there is a > rootkit, but neither can I be sure the is *not* a rootkit. And merely > because you cannot know you are secure, you *feel* insecure. > Furthermore, your computer may be abused to attack other computers, > even to make a botnet. And though you cannot know the attacker is > doing against your interests, neither you can know the opposite and > again, this generates feeling of insecurity.
I do not see which implications that has for LSM. > And if you neglect this, you are unconsciously submitting to the > aggressor. I am not aware of anybody here doing that. Cheers, Andreas -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/52e27948.4010...@ping.de