> Kernel modules can hide evidence of a crack, thus allowing crackers to
> penetrate further into the network.
So can a dozen other methods. If you got root, you've the run of the system
anyway. The _only_ way to go around that is to have a printer connected and
send all syslog there.
> I must admit, the more I'm exposed to the cynisism of the list, the more I
> begin to wonder if it would all be worth it, except for maybe the odd
> university etc. Congratulations :-)
I'ts not cynicism, it's just that this is a rather hard way to hide
evidence, vermin will use simpler methods. They aren't this easy to stop,
either.
-- Dr. Horst H. von Brand mailto:vonbrand@inf.utfsm.cl Departamento de Informatica Fono: +56 32 654431 Universidad Tecnica Federico Santa Maria +56 32 654239 Casilla 110-V, Valparaiso, Chile Fax: +56 32 797513- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/