Mailinglist Archive: opensuse-security (192 mails)

< Previous Next >
Re: [suse-security] masquerading and a monolithic kernel
  • From: "Kurt Seifried" <listuser@xxxxxxxxxxxx>
  • Date: Wed, 31 May 2000 04:24:07 -0600
  • Message-id: <002b01bfcaea$5a5ee630$6400030a@xxxxxxxxxxxx>
> >Experimenting with a firewall I compiled a monolithic kernel with
> >masquerading and without loadable module support so as to make it
> >impossible to subvert the kernel by a malicious module.
> I wondered about this too, but dont you need root-rights in order to load
> kernel modul ?

Not always =) Also once you load a module (like say NARK, a kernel level
rootkit for Linux) the sysadmin is f**ked, it's almost impossible to find
you've been taken over and recovery basically involves shutdown and a
reinstall. Getting rid of kernel module support is a good security addition
(it helps quite a bit).

> MfG
> Matthias


< Previous Next >
Follow Ups