* Marc Mutz <[EMAIL PROTECTED]> writes:
>> > 3.) ...lowers security a bit
>>
>> Totally Disagree
>>
> Of course you do... We had this exact discussion some time ago here on
> lnml. Since then, I found a message to bugtraq from a few years ago that
> described a module that - once loaded - would redefine syscalls like
> read and write to mask it's existance entirely.
> They could e.g. hide arbitrary content of directories and even fake
> lsmod. So you have a means of compromising a system without _any_ chance
> to be reveiled[1]. Not something you want to happen.
This assumes that the intruder has write access to your filesystem.
By this stage it is too late. And whether you use modules or not is
not going to make much difference. The intruder could just as easily
overwrite your kernel image with an evil one, re-run lilo then cause
the system to go down for reboot.
In my opinion, system security starts with keeping intruders out of
the system in the first place. It's not about making it harder for
them once they get in. If somebody breaks into your system, you've
got problems. Close and lock the door they came in through, rather
than run around hiding the jewelry.
--
---Regards, Steve Youngs--------Email:-<[EMAIL PROTECTED]>---
| If Microsoft is the answer, then all I can say is that |
| you are asking the wrong question. |
------------------------------<Don't be a Newbie--Be a Gnu-bie>---
