On Sat, Oct 09, 1999 at 09:09:08PM -0400, [EMAIL PROTECTED] wrote:
> > This is true. I followed a thread on linux-kernel on this very topic
> about
> > 6 months ago.
>
> So? If you compile that same code into the kernel it will do the same
> thing without any modules. Modules are effectively part of the kernel,
> and if you load them promiscuously from unclean sources, you will likely
> get a disease. You don't want any code in a module that you wouldn't
> want in your kernel. Did that module come from ftp.*.kernel.org? :-)
However, If a cracker were to get root on your machine, if he/she wanted
to install a new kernel, he's going to need to reboot your machine,
and people generally notice reboots, and investigate why they happened
however, a trojan module could be installed, with nobody the wiser and
stick around past the security hole that let him/her in getting fixed......
greg
--
public key available at www.keyserver.net
PGP signature
