On Tuesday 15 May 2007, Dan Farrell <dan@×××××××××.cx> wrote about 'Re: [gentoo-user] Managing my kernel':
> On Tue, 15 May 2007 09:21:17 +0200
> Etaoin Shrdlu <shrdlu@×××××××××××××.org> wrote:
> > On Tuesday 15 May 2007 03:57, Dan Farrell wrote:
> > > On Tue, 15 May 2007 12:33:22 +1200
> > > Mark Kirkwood <markir@××××××××××××.nz> wrote:
> > > > 2/ disables loadable modules completely
> > >
> > > But Why? What's the benefit?
> >
> > [S]ome rootkits
> > use LKMs, and removing loadable modules support might help to prevent
> > such attacks.
>
> I'd never heard of LKM rootkits, although the
> concept is I suppose a good one, as far as defeating security goes. I
> must say I'm not going to start worrying about it, but point taken

The (GPL'd) rootkit I was able to look at didn't even use LKMs, it simply
patched the kernel live via /proc/kcore. The version I saw probably
wouldn't work anymore, but LKMs aren't the only way a rootkit can take
hold.

--
Boyd Stephen Smith Jr. ,= ,-_-. =.
bss03@××××××××××.net ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-'
http://iguanasuicide.org/ \_/
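
An added example, not part of the original message or written by anyone in the thread: a shell audit of a kernel `.config` for the two entry points discussed above, loadable module support and `/proc/kcore`, plus a check of the runtime `kernel.modules_disabled` switch. The function names and the sample config are constructed for illustration; the `CONFIG_MODULE_SIG_FORCE` check goes slightly beyond the thread, covering the case where modules are kept enabled.

```shell
#!/bin/sh
# Added example: audit a kernel .config for the kernel-code entry points
# named in the thread (loadable modules, /proc/kcore). Function names are
# illustrative and do not come from any existing tool.

# config_state FILE SYMBOL: prints y or m, or n when unset or absent.
config_state() {
    val=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${val:-n}"
}

# audit_kernel_config FILE: prints one WARN line per finding.
audit_kernel_config() {
    cfg=$1
    if [ "$(config_state "$cfg" CONFIG_MODULES)" = y ]; then
        echo "WARN: CONFIG_MODULES=y, loadable modules are supported"
        # With modules enabled, forced signature checks limit what loads.
        if [ "$(config_state "$cfg" CONFIG_MODULE_SIG_FORCE)" != y ]; then
            echo "WARN: CONFIG_MODULE_SIG_FORCE unset, unsigned modules may load"
        fi
    fi
    if [ "$(config_state "$cfg" CONFIG_PROC_KCORE)" = y ]; then
        echo "WARN: CONFIG_PROC_KCORE=y, /proc/kcore exposes kernel memory to root"
    fi
    return 0
}

# modules_locked [SYSCTL_FILE]: succeeds if module loading is switched off
# at runtime (kernel.modules_disabled=1). Path is overridable for testing.
modules_locked() {
    f=${1:-/proc/sys/kernel/modules_disabled}
    [ -r "$f" ] && [ "$(cat "$f")" = 1 ]
}

# Constructed sample config, not taken from the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONFIG_MODULES=y
# CONFIG_MODULE_SIG_FORCE is not set
CONFIG_PROC_KCORE=y
EOF
audit_kernel_config "$sample"
rm -f "$sample"
```

On a real system, point `audit_kernel_config` at the config of the running kernel (for example `/usr/src/linux/.config` on Gentoo) instead of the sample.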