[GLLUG] monolithic kernel (debian 3.0) and ethernet devices
djf2
djf2@danu.ili.net
Thu, 21 Mar 2002 15:12:53 -0500 (EST)
On 21 Mar 2002, Ben Pfaff wrote:
> > I know at least one reason that people do it is because a rogue
> > module can make it awfully hard to tell if you've been rooted.
> > [...]
>
> According to Alan Cox, IIRC, many rootkits now can modify the
> kernel by hand with an included linker whether modules are
> enabled or not, so that the "security" that this provides is
> really just a false feeling.
Damn! Is this considered a 'feature' or a 'bug'? Still... I'd guess
leaving modules enabled would still leave you open to getting them
overwritten, wouldn't it?
--
"Is that sound you're hearing the trumpeting of St. Peter's angels
or the screams of Memnoch's tortured souls?"
Don Flynn djf2@ili.net Sayge@IRC