Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Wed, 23 Oct 2002 18:13:44 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Wed, 23 Oct 2002 18:13:44 -0400 Received: from jstevenson.plus.com ([212.159.71.212]:9259 "EHLO alpha.stev.org") by vger.kernel.org with ESMTP id ; Wed, 23 Oct 2002 18:13:43 -0400 Subject: Re: One for the Security Guru's From: James Stevenson To: "Robert L. Harris" Cc: Linux-Kernel In-Reply-To: <20021023130251.GF25422@rdlg.net> References: <20021023130251.GF25422@rdlg.net> Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Ximian Evolution 1.0.3 (1.0.3-6) Date: 23 Oct 2002 23:15:14 +0100 Message-Id: <1035411315.5377.8.camel@god.stev.org> Mime-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1279 Lines: 31 > The consultants aparantly told the company admins that kernel modules > were a massive security hole and extremely easy targets for root kits. > As a result every machine has a 100% monolithic kernel, some of them > ranging to 1.9Meg in filesize. This of course provides some other > sticky points such as how to do a kernel boot image. i very much doubt this would stop anyone who really wanted todo something like loading a module. Stating something like that would also mean booting the kernel from a disk inside the machine is also insecure. As to load a module you must be root and if you are root you can read / write disks. Thus you could recompile your own kernel install it try to force a crash or a reboot which is not hard as root and the person may not even notice that the kernel has grown by a few bytes after the crash. The only thing it may do is slow somebody down. A lot of people out there if they can get access to a system and cannot keep it will also tend todo a rm -rfv / or equivelent nasty. James - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/