OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: [suse-security] masquerading and a monolithic kernel
From: Kurt Seifried (listuserseifried.org)
Date: Wed May 31 2000 - 05:24:07 CDT


> >Experimenting with a firewall I compiled a monolithic kernel with
> >masquerading and without loadable module support so as to make it
> >impossible to subvert the kernel by a malicious module.
> I wondered about this too, but dont you need root-rights in order to load
a
> kernel modul ?

Not always =) Also once you load a module (like say NARK, a kernel level
rootkit for Linux) the sysadmin is f**ked, it's almost impossible to find
you've been taken over and recovery basically involves shutdown and a
reinstall. Getting rid of kernel module support is a good security addition
(it helps quite a bit).

>
> MfG
> Matthias

-Kurt

---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribesuse.com
For additional commands, e-mail: suse-security-helpsuse.com