On Mon, 11 Oct 1999, [EMAIL PROTECTED] wrote:
>>On Sat, Oct 09, 1999 at 09:09:08PM -0400, [EMAIL PROTECTED] wrote:
>> > This is true. I followed a thread on linux-kernel on this very topic
>> about
>> > 6 months ago.
And what was the outcome of that discussion, many important things
were discussed and some of which are now imlimented, making the use
of modules even safer, anyway, like the discussion on linux-kernel
this discussion here will only lead newbies into thinking that
modules are insecure, "which they are not".
It all comes down to secutity, if one lets a cracker in then its his
own problem, or at least thats the opinion of most subscribers of
the linux-kernel mailing list.
If one runs a program which is known to have holes in it, then
someone will creep thro' it just for the kick.
Remember we are talking about extream cases here, that was also
mentioned in the said discussion 6 months ago, things have improved a
lot since then.
>> So? If you compile that same code into the kernel it will do the same
>> thing without any modules. Modules are effectively part of the kernel,
>> and if you load them promiscuously from unclean sources, you will likely
>> get a disease. You don't want any code in a module that you wouldn't
>> want in your kernel. Did that module come from ftp.*.kernel.org? :-)
>
> However, If a cracker were to get root on your machine, if he/she wanted
> to install a new kernel, he's going to need to reboot your machine,
> and people generally notice reboots, and investigate why they happened
> however, a trojan module could be installed, with nobody the wiser and
> stick around past the security hole that let him/her in getting fixed......
>
> greg
>--
>public key available at www.keyserver.net
>
----------------------------------------
Content-Type: application/pgp-signature; name="unnamed"
Content-Transfer-Encoding: 7bit
Content-Description:
----------------------------------------
--
Regards Richard
[EMAIL PROTECTED]
http://people.zeelandnet.nl/pa3gcu/
