Mailinglist Archive: opensuse-security (192 mails)

< Previous Next >
Re: [suse-security] masquerading and a monolithic kernel
  • From: Arjen Runsink <arjen@xxxxxxxxxxxxxxxx>
  • Date: Wed, 31 May 2000 17:01:12 +0200
  • Message-id: <39352938.6F839985@xxxxxxxxxxxxxxxx>
It seems that Kurt got a message that I haven't received (yet, though
it's about 5 hours now after he sent it)

Kurt Seifried wrote:
>
> > >Experimenting with a firewall I compiled a monolithic kernel with
> > >masquerading and without loadable module support so as to make it
> > >impossible to subvert the kernel by a malicious module.
> > I wondered about this too, but dont you need root-rights in order to load
> a
> > kernel modul ?
>
> Not always =) Also once you load a module (like say NARK, a kernel level
>
> >
> > MfG
> > Matthias
>
> -Kurt


Root rights are obtaineable saidly. (Buffer overflow in a setuid root
program)) Or sniffed from a telnet session from a _very_ ignorant
sysadmin etc.


BB, Arjen



--
Sell what you use, use what you sell.

< Previous Next >