In article <[EMAIL PROTECTED]> you write:
>On Sun, 19 Nov 2000, Alexander Viro wrote:
>> On Sun, 19 Nov 2000, David Lang wrote:
>> > there is a rootkit kernel module out there that, if loaded onto your
>> > system, can make it almost impossible to detect that your system has been
>> > compromised. With module support disabled this isn't possible.
>> Yes, it is. Easily. If you've got root you can modify the kernel image and
>> reboot the bloody thing. And no, marking it immutable will not help. Open
>> the raw device and modify relevant blocks.
>
>Kernel on writeprotected floppy disk...

So change the CMOS-settings so that the BIOS changes the boot order
from A, C, CD-ROM to C first instead.  *grin*  How long do you want
to keep playing Tic-Tac-Toe?

Of course, using capabilities and totally disabling access to the raw 
disk devices and to any I/O ports might be the solution, provided that 
there are no bugs or thinkos in the capabilities code.

   /Christer
-- 
"Just how much can I get away with and still go to heaven?"
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.tux.org/lkml/
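
Added example, not part of the original message: a check of which capabilities named in the thread (module loading, immutable flag, raw I/O, reboot) are still in a process's capability bounding set. It assumes the `CapBnd` line of `/proc/<pid>/status` found on current Linux kernels; the sample status texts are constructed, and access to disk device nodes is not covered by this check.

```python
# Bit numbers from <linux/capability.h>, limited to the operations
# mentioned in the thread.
THREAD_CAPS = {
    "CAP_LINUX_IMMUTABLE": 9,   # set or clear the immutable file flag
    "CAP_SYS_MODULE": 16,       # load and unload kernel modules
    "CAP_SYS_RAWIO": 17,        # ioperm/iopl, /dev/mem, /dev/port
    "CAP_SYS_BOOT": 22,         # reboot
}

def parse_capbnd(status_text):
    """Return the bounding-set mask from the text of /proc/<pid>/status."""
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "CapBnd":
            return int(value.strip(), 16)
    raise ValueError("no CapBnd line found")

def remaining_caps(mask):
    """Names of the thread's capabilities still present in the mask."""
    return sorted(n for n, bit in THREAD_CAPS.items() if mask & (1 << bit))

def audit(status_text):
    """Summarise whether the bounding set still allows these operations."""
    left = remaining_caps(parse_capbnd(status_text))
    return {"still_available": left, "locked_down": not left}

# Constructed samples (not taken from a real host).
SAMPLE_FULL = "Name:\tinit\nCapEff:\t000001ffffffffff\nCapBnd:\t000001ffffffffff\n"
# Only CAP_SYS_MODULE and CAP_SYS_RAWIO dropped.
SAMPLE_PARTIAL = "Name:\tsshd\nCapBnd:\t000001fffffcffff\n"
# All four capabilities dropped.
SAMPLE_LOCKED = "Name:\tsshd\nCapBnd:\t000001ffffbcfdff\n"

if __name__ == "__main__":
    for label, text in (("full", SAMPLE_FULL),
                        ("partial", SAMPLE_PARTIAL),
                        ("locked", SAMPLE_LOCKED)):
        print(label, audit(text))
```
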