[GLLUG] monolithic kernel (debian 3.0) and ethernet devices

djf2 djf2@danu.ili.net
Thu, 21 Mar 2002 15:12:53 -0500 (EST)


On 21 Mar 2002, Ben Pfaff wrote:

> >      I know at least one reason that people do it is because a rogue
> > module can make it awfully hard to tell if you've been rooted.
> > [...]
> 
> According to Alan Cox, IIRC, many rootkits now can modify the
> kernel by hand with an included linker whether modules are
> enabled or not, so that the "security" that this provides is
> really just a false feeling.

     Damn!  Is this considered a 'feature' or a 'bug'?  Still...I'd guess
leaving modules enabled would still leave you open to getting them
overwritten, wouldn't it?

--
"Is that sound you're hearing the trumpeting of St. Peter's angels
 or the screams of Memnoch's tortured souls?"
Don Flynn        djf2@ili.net                   Sayge@IRC