[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] Monolithic vs Modularised Kernels

Subject: [ale] Monolithic vs Modularised Kernels
From: jasonday at worldnet.att.net (Jason Day)
Date: Wed, 9 Jul 2003 12:08:44 -0400

On Wed, Jul 09, 2003 at 10:34:40AM -0400, John Wells wrote:
> Hmmm...to load modules into the kernel, you have to be root.  So, if a
> 1337 h4X0r is able to load a module, you're probably already pretty
> screwed.
> 
> Or am I missing something?

Yes.  If an attacker can load a custom kernel module, and if he's good
enough, he can make it much harder for you to realize you've been owned.
A kernel module can prevent things like netstat or even ls from finding
an installed rootkit.
-- 
Jason Day                                       jasonday at
http://jasonday.home.att.net                    worldnet dot att dot net
 
"Of course I'm paranoid, everyone is trying to kill me."
    -- Weyoun-6, Star Trek: Deep Space 9
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale

Prev by Date: [ale] Quake 3 problems with RH90
Next by Date: [ale] Quake 3 problems with RH90
Previous by thread: [ale] Monolithic vs Modularised Kernels
Next by thread: [ale] Monolithic vs Modularised Kernels
Index(es):
- Date
- Thread