Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Wed, 23 Oct 2002 09:54:05 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Wed, 23 Oct 2002 09:54:05 -0400 Received: from max.fiasco.org.il ([192.117.122.39]:35596 "HELO latenight.fiasco.org.il") by vger.kernel.org with SMTP id ; Wed, 23 Oct 2002 09:54:04 -0400 Subject: Re: One for the Security Guru's From: Gilad Ben-ossef To: Alan Cox Cc: "Robert L. Harris" , Linux Kernel Mailing List In-Reply-To: <1035380716.4323.50.camel@irongate.swansea.linux.org.uk> References: <20021023130251.GF25422@rdlg.net> <1035380716.4323.50.camel@irongate.swansea.linux.org.uk> Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Ximian Evolution 1.0.8 Date: 23 Oct 2002 15:59:02 +0200 Message-Id: <1035381547.4182.65.camel@klendathu.telaviv.sgi.com> Mime-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2123 Lines: 48 On Wed, 2002-10-23 at 15:45, Alan Cox wrote: > On Wed, 2002-10-23 at 14:02, Robert L. Harris wrote: > > The consultants aparantly told the company admins that kernel modules > > were a massive security hole and extremely easy targets for root kits. > > As a result every machine has a 100% monolithic kernel, some of them > > ranging to 1.9Meg in filesize. This of course provides some other > > sticky points such as how to do a kernel boot image > > Modules make no difference to security. If I can add a module I can swap > the kernel and reboot the box, or I can patch the kernel. In fact I can > load modules into module-less kernels its just a bit harder. IMHO the security risks associated with modules is not the potential for getting higher permissions but rather that having the loadable module capability makes it *easier* to hide your code and actions once you're in because what you would want to do is change the running kernel to hide your actions and loadable modules makes it easier to dynamically change a running kernel in general (DUH! :-). In short - LKM support doesn't open any doors; It does makes it slightly easier to stay invisible once you're in. There are, again IMHO, much simpler things that I'm willing to bet company X isn't doing (because no one is doing them) that would help much more to security then disabling LKM support. For example - when you download a new update of a kernel (or any program for that matter) source/patch (or binary package) from the net do you check the GPG signature validity? I would be VERY surprised if you answer 'yes'... :-)) Gilad. > > Alan > > - > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > Please read the FAQ at http://www.tux.org/lkml/ - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/