Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Thu, 24 Oct 2002 06:05:30 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Thu, 24 Oct 2002 06:05:30 -0400 Received: from twilight.cs.hut.fi ([130.233.40.5]:6176 "EHLO twilight.cs.hut.fi") by vger.kernel.org with ESMTP id ; Thu, 24 Oct 2002 06:05:29 -0400 Date: Thu, 24 Oct 2002 13:11:26 +0300 From: Ville Herva To: James Stevenson Cc: ebiederm@xmission.com, linux-kernel@vger.kernel.org Subject: Re: One for the Security Guru's Message-ID: <20021024101126.GQ147946@niksula.cs.hut.fi> Mail-Followup-To: Ville Herva , James Stevenson , ebiederm@xmission.com, linux-kernel@vger.kernel.org References: <20021023130251.GF25422@rdlg.net> <1035411315.5377.8.camel@god.stev.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1035411315.5377.8.camel@god.stev.org> User-Agent: Mutt/1.4i Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1322 Lines: 29 On Wed, Oct 23, 2002 at 11:15:14PM +0100, you [James Stevenson] wrote: > > As to load a module you must be root and if you are root you > can read / write disks. Thus you could recompile your own kernel > install it try to force a crash or a reboot which is not hard as root > and the person may not even notice that the kernel has grown by a few > bytes after the crash. Which is why some people configure kernels not to support installing modules and only use read-only media (e.g. CD-R) for booting. Sure, there's still the /dev/kmem hole, but this closes 2 classes of attacks - loading rootkit module and booting with a hacked kernel in straight-forward way. BTW, this might be a reason to make kexec syscall to be a config option (if it isn't already.) The other reason is to avoid bloat for people that don't need it, but perhaps this is a stronger argument. I realize you can propably launch the kernel by hand (using /dev/kmem etc) if you really know what to do. But the same applies to adding code/patching kernel without CONFIG_MODULES support. -- v -- v@iki.fi - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/