Re: Kernel options for server use

From: Tim Haynes (usenet-20040314_at_stirfried.vegetable.org.uk)
Date: 03/15/04


Date: Sun, 14 Mar 2004 23:00:09 +0000

jealousxmp@aol.commonplace (jealous xmp) writes:

>>While building a new kernel, which is only to be for a web server, I
>>wondered if it would be a good idea to disable support for loadable
>>kernel modules? I couldn't think of any good reasons why a server
>>would need this.
>
> So you have to recompile before loading a kernel-mode rootkit. Argh.

Erm.. No? There was an article a year or more ago where modules were
effectively loaded into a running kernel without using the regular insmod
calls. So, while this used to be a relatively effective way of putting a
hurdle in a cracker's way, I wouldn't be surprised if it ceases to be
particularly useful sooner rather than later.

~Tim

-- 
  22:58:54 up 103 days,  2:14,  0 users,  load average: 0.64, 0.55, 0.30
piglet@stirfried.vegetable.org.uk |Morning dawning /
http://spodzone.org.uk/cesspit/   |With life abounding

