Re: One for the Security Guru's

From: Gilad Ben-ossef (gilad@benyossef.com)
Date: Wed Oct 23 2002 - 08:59:02 EST

Next message: Chris Friesen: "Re: feature request - why not make netif_rx() a pointer?"
Previous message: Christian Guggenberger : "via-rhine weirdness with via kt8235 Southbridge"
In reply to: Alan Cox: "Re: One for the Security Guru's"
Next in thread: James Cleverdon: "Re: One for the Security Guru's"
Reply: James Cleverdon: "Re: One for the Security Guru's"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 2002-10-23 at 15:45, Alan Cox wrote:
> On Wed, 2002-10-23 at 14:02, Robert L. Harris wrote:
> > The consultants aparantly told the company admins that kernel modules
> > were a massive security hole and extremely easy targets for root kits.
> > As a result every machine has a 100% monolithic kernel, some of them
> > ranging to 1.9Meg in filesize. This of course provides some other
> > sticky points such as how to do a kernel boot image
>
> Modules make no difference to security. If I can add a module I can swap
> the kernel and reboot the box, or I can patch the kernel. In fact I can
> load modules into module-less kernels its just a bit harder.

IMHO the security risks associated with modules is not the potential for
getting higher permissions but rather that having the loadable module
capability makes it *easier* to hide your code and actions once you're
in because what you would want to do is change the running kernel to
hide your actions and loadable modules makes it easier to dynamically
change a running kernel in general (DUH! :-). In short - LKM support
doesn't open any doors; It does makes it slightly easier to stay
invisible once you're in.

There are, again IMHO, much simpler things that I'm willing to bet
company X isn't doing (because no one is doing them) that would help
much more to security then disabling LKM support. For example - when you
download a new update of a kernel (or any program for that matter)
source/patch (or binary package) from the net do you check the GPG
signature validity? I would be VERY surprised if you answer 'yes'...
:-))

Gilad.

>
> Alan
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Chris Friesen: "Re: feature request - why not make netif_rx() a pointer?"
Previous message: Christian Guggenberger : "via-rhine weirdness with via kt8235 Southbridge"
In reply to: Alan Cox: "Re: One for the Security Guru's"
Next in thread: James Cleverdon: "Re: One for the Security Guru's"
Reply: James Cleverdon: "Re: One for the Security Guru's"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Wed Oct 23 2002 - 22:01:04 EST