On Sat, Oct 09, 1999 at 09:09:08PM -0400, [EMAIL PROTECTED] wrote:
>
>
> So? If you compile that same code into the kernel it will do the same
> thing without any modules. Modules are effectively part of the kernel,
> and if you load them promiscuously from unclean sources, you will likely
> get a disease. You don't want any code in a module that you wouldn't
> want in your kernel. Did that module come from ftp.*.kernel.org? :-)
I don't think you fully realize the implication. Since modules can be
invisible, malicious and automatically loaded, the problem actually pretty
bad. It is not necessary for a cracker to recompile my modules or kernel
in order to do something nasty at that level. All he has to do is stick
replace a real module with an evil one. Cracks that give access to the
filesystem are legion.
Example crack: Cracker finds a buffer overflow in, say, sendmail that allows
him to put a file anywhere he wants. So he replaces your modular network
card driver with an exact replica that also mirrors your traffic to his
machine. (I came up with this example off the top of my head, forgive me)
--
My public encryption key is available from
www.az.com/~drysdam/crypt/rysdam.gpg.html
and of course www.keyserver.net
PGP signature
