Re: One for the Security Guru's

• Next message: Padraig Brady: "Re: 2.5.44-[mm3, ac2] time to tar zxf kernel tarball compared forvarious"
• Previous message: Denis Vlasenko: "Re: [RESEND] tuning linux for high network performance?"
• In reply to: Henning P. Schmiedehausen: "Re: One for the Security Guru's"
• Next in thread: Henning P. Schmiedehausen: "Re: One for the Security Guru's"
• Reply: Henning P. Schmiedehausen: "Re: One for the Security Guru's"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 2002-10-24 at 12:09, Henning P. Schmiedehausen wrote:
> Ville Herva <vherva@niksula.hut.fi> writes:
>
> >the /dev/kmem hole, but this closes 2 classes of attacks - loading rootkit
> >module and booting with a hacked kernel in straight-forward way.
>
> Question: What do I lose when you remove /dev/kmem?
> Related question: Would it be useful to make /dev/kmem read-only?

Makes no real difference. If the user got to root they can work the
chmod command. What you want to do is revoke CAP_SYS_RAWIO which kills
off all direct hardware access - mem/kmem/iopl/ioperm etc. It does stop
non kernel fb X working but thats not a big deal on a server.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

• Next message: Padraig Brady: "Re: 2.5.44-[mm3, ac2] time to tar zxf kernel tarball compared forvarious"
• Previous message: Denis Vlasenko: "Re: [RESEND] tuning linux for high network performance?"
• In reply to: Henning P. Schmiedehausen: "Re: One for the Security Guru's"
• Next in thread: Henning P. Schmiedehausen: "Re: One for the Security Guru's"
• Reply: Henning P. Schmiedehausen: "Re: One for the Security Guru's"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Thu Oct 31 2002 - 22:00:23 EST