Kernel modules
From: Hal Flynn (flynn@securityfocus.com)
Date: 03/06/03
Date: Wed, 5 Mar 2003 16:06:13 -0700 (MST)
From: Hal Flynn <flynn@securityfocus.com>
To: focus-sun@securityfocus.com

Hi folks,

A friend and I were having a discussion a few weeks ago concerning
loadable kernel modules and Solaris. Basically, we were in agreement that
preventing the loading of malicious kernel modules was merely a step that,
while not offering total security, was an excellent means of preventing
kernel back doors as they're commonly used.

I've been thinking it over more in the last few weeks, and I've reached a
point at which I'm curious as to what other people responsible for the
security of Solaris systems are doing to prevent, or at least limit the
ability of users to load modules on a system.

Obviously, when an attacker compromises administrative access, the game is
essentially over. Theoretically, the attacker can patch the running
kernel, creating a situation in which detection of compromise would at
the very least be difficult. However, I think we're still in the arms
race leading up to that, and for now the concern is the LKM.

So, my question is, what are you doing to prevent the loading of kernel
modules? Any clever tricks? Hacks?

Cheers,
Hal Flynn
Symantec Corp.

"....You guys are the Marine's doctors; There's no better in the business
than a Navy Corpsman...."
-- Lieutenant General Lewis B. "Chesty" Puller, U.S.M.C.