On Thursday 25 April 2002 15:43, Michael Seewald wrote:
On Thu, 25 Apr 2002, Roman Drahtmueller wrote:
Could you elaborate on that a little more? I thought that the nastiest root-kits available exploit the module mechanisms? Not true?
Negative... It's in one of the Phrack magazines: manipulation of kernel memory through /dev/mem, thereby making it possible to introduce new code. So, you see: As long as you can manipulate memory, you're not safe.
Ok, so the conclusion (for the slow-minded..): As long as /dev/mem is around, non-modularized kernels don't help. Right?
You could also take a look at LIDS (www.lids.org), which can prevent /dev/mem access as well as subsequent loading of modules. It does this by a tunable control of the use of capabilities by programs. LIDS can also control the access to files to make them invisible or read-only for just some or all programs run by root.

Andreas
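The capability idea discussed in this thread can be checked on a running system. The script below is an added example, not part of the thread and not LIDS's own tooling: it assumes a mainline Linux kernel that exposes a `CapBnd` line in `/proc/<pid>/status`, and the function names and sample masks are constructed for illustration. It reports whether the bounding set still contains `CAP_SYS_MODULE` (module loading) and `CAP_SYS_RAWIO` (required to open /dev/mem).

```shell
#!/bin/sh
# Added example: audit a capability bounding set for the two capabilities
# the thread is about. Bit numbers are from linux/capability.h.
CAP_SYS_MODULE=16   # load and unload kernel modules
CAP_SYS_RAWIO=17    # raw I/O, including opening /dev/mem

# cap_in_mask HEXMASK BIT -> exit status 0 if that bit is set in the mask
cap_in_mask() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# bounding_mask STATUS_TEXT -> prints the hex value of the CapBnd line
bounding_mask() {
    printf '%s\n' "$1" | awk '$1 == "CapBnd:" { print $2 }'
}

# audit STATUS_TEXT -> one line per capability; returns 0 only if both are
# dropped, 1 if either is still present, 2 if no CapBnd line was found
audit() {
    mask=$(bounding_mask "$1")
    [ -n "$mask" ] || { echo "no CapBnd line found"; return 2; }
    rc=0
    for pair in "CAP_SYS_MODULE:$CAP_SYS_MODULE" "CAP_SYS_RAWIO:$CAP_SYS_RAWIO"; do
        name=${pair%%:*}
        bit=${pair##*:}
        if cap_in_mask "$mask" "$bit"; then
            echo "$name present (bit $bit)"
            rc=1
        else
            echo "$name dropped (bit $bit)"
        fi
    done
    return $rc
}

# Constructed samples in /proc/<pid>/status layout (not captured from a host).
SAMPLE_FULL='Name: init
CapBnd: 000001ffffffffff'
# Same mask with bits 16 and 17 cleared.
SAMPLE_HARDENED='Name: init
CapBnd: 000001fffffcffff'

# On a live system: audit "$(cat /proc/1/status)"
```

A return status of 0 from `audit` means neither capability can be regained by processes below that bounding set; it says nothing about code already running in the kernel.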