Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Thu, 24 Oct 2002 12:44:01 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Thu, 24 Oct 2002 12:43:10 -0400 Received: from ebiederm.dsl.xmission.com ([166.70.28.69]:23601 "EHLO frodo.biederman.org") by vger.kernel.org with ESMTP id ; Thu, 24 Oct 2002 12:42:25 -0400 To: Ville Herva Cc: James Stevenson , ebiederm@xmission.com, linux-kernel@vger.kernel.org Subject: Re: One for the Security Guru's References: <20021023130251.GF25422@rdlg.net> <1035411315.5377.8.camel@god.stev.org> <20021024101126.GQ147946@niksula.cs.hut.fi> From: ebiederm@xmission.com (Eric W. Biederman) Date: 24 Oct 2002 10:46:39 -0600 In-Reply-To: <20021024101126.GQ147946@niksula.cs.hut.fi> Message-ID: User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.1 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1118 Lines: 21 Ville Herva writes: > On Wed, Oct 23, 2002 at 11:15:14PM +0100, you [James Stevenson] wrote: > > > > As to load a module you must be root and if you are root you > > can read / write disks. Thus you could recompile your own kernel > > install it try to force a crash or a reboot which is not hard as root > > and the person may not even notice that the kernel has grown by a few > > bytes after the crash. > > Which is why some people configure kernels not to support installing modules > and only use read-only media (e.g. CD-R) for booting. Sure, there's still > the /dev/kmem hole, but this closes 2 classes of attacks - loading rootkit > module and booting with a hacked kernel in straight-forward way. > > BTW, this might be a reason to make kexec syscall to be a config option (if > it isn't already.) It already is a config option. Eric - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/