hello !
do we need to have write access to /dev/kmem - especially on a server without X ?
iirc, write access can be disabled, for example with addons like grsecurity.
(don`t know what will be broken besides X, though)
regards
roland
> -----Ursprüngliche Nachricht-----
> Von: Dave Jones <[email protected]>
> Gesendet: 29.04.06 18:43:41
> An: [email protected]
> CC: [email protected]
> Betreff: Re: another kconfig target for building monolithic kernel (for security) ?
> On Sat, Apr 29, 2006 at 03:03:55PM +0200, [email protected] wrote:
>
> > i want to harden a linux system (dedicated root server on the internet) by recompiling the kernel without support for lkm (to prevent installation of lkm based rootkits etc)
>
> Loading modules via /dev/kmem is trivial thanks to a bunch of tutorials and
> examples on the web, so this alone doesn't make life that much more difficult for attackers.
>
> Dave
>
> --
> http://www.codemonkey.org.uk
_______________________________________________________________
SMS schreiben mit WEB.DE FreeMail - einfach, schnell und
kostenguenstig. Jetzt gleich testen! http://f.web.de/?mc=021192
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]