31 May 2000, 10:24
Experimenting with a firewall I compiled a monolithic kernel with masquerading and without loadable module support so as to make it impossible to subvert the kernel by a malicious module.
I wondered about this too, but don't you need root rights in order to load a kernel module?
Not always =) Also once you load a module (like say NARK, a kernel level rootkit for Linux) the sysadmin is f**ked, it's almost impossible to find you've been taken over and recovery basically involves shutdown and a reinstall. Getting rid of kernel module support is a good security addition (it helps quite a bit).
Regards, Matthias
-Kurt
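
A check for the hardening discussed in this thread, added here as an example and not part of the original messages: it reports whether a kernel was built without loadable module support. The function name `module_support_verdict` and its arguments are hypothetical; it assumes you pass the running kernel's config as plain text and a mounted procfs, and the `kernel.modules_disabled` lock it also reads exists only on kernels newer than the ones discussed here.

```shell
#!/bin/sh
# module_support_verdict CONFIG_FILE [PROC_ROOT]   (hypothetical helper)
# Prints: static   - built without loadable module support
#         locked   - module support built in, loading disabled until reboot
#         loadable - modules can still be inserted by a privileged process
#         unknown  - not enough evidence
module_support_verdict() {
    config=$1
    proc_root=${2:-/proc}
    built=unknown

    # Build-time evidence: the kernel config the image was compiled from.
    if [ -r "$config" ]; then
        if grep -q '^CONFIG_MODULES=y' "$config"; then
            built=yes
        elif grep -q '^# CONFIG_MODULES is not set' "$config"; then
            built=no
        fi
    fi

    # Run-time evidence: /proc/modules exists only when module support is
    # compiled in. /proc/version is used to confirm procfs is really mounted.
    if [ "$built" = unknown ] && [ -e "$proc_root/version" ]; then
        if [ -e "$proc_root/modules" ]; then built=yes; else built=no; fi
    fi

    case $built in
        no) echo static ;;
        yes)
            lock="$proc_root/sys/kernel/modules_disabled"
            if [ -r "$lock" ] && [ "$(cat "$lock")" = 1 ]; then
                echo locked
            else
                echo loadable
            fi ;;
        *) echo unknown ;;
    esac
}

# Constructed sample: config fragment for a kernel built as the first post describes.
demo=$(mktemp -d)
printf '%s\n' 'CONFIG_IP_MASQUERADE=y' '# CONFIG_MODULES is not set' > "$demo/config"
module_support_verdict "$demo/config" "$demo/proc"
rm -rf "$demo"
```

A `static` or `locked` verdict only says that no further modules can be loaded; it says nothing about code that was loaded before the check ran.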