Re: BTTV detection broken in 2.4.0-test11-pre5

From: Ben Ford (ben@kalifornia.com)
Date: Sun Nov 19 2000 - 16:08:40 EST


Alexander Viro wrote:

> On Sun, 19 Nov 2000, Christer Weinigel wrote:
>
> > In article <Pine.LNX.4.30.0011190710440.13087-100000@anime.net> you write:
> > >On Sun, 19 Nov 2000, Alexander Viro wrote:
> > >> On Sun, 19 Nov 2000, David Lang wrote:
> > >> > There is a rootkit kernel module out there that, if loaded onto your
> > >> > system, can make it almost impossible to detect that your system has been
> > >> > compromised. With module support disabled this isn't possible.
> > >> Yes, it is. Easily. If you've got root you can modify the kernel image and
> > >> reboot the bloody thing. And no, marking it immutable will not help. Open
> > >> the raw device and modify relevant blocks.
> > >
> > >Kernel on write-protected floppy disk...
>
> Cute. And when (not if) we get hit by new bug in the net/*/* you will drive
> to the location of said router to upgrade the thing.
>

No, I mail the customer a new operating CD.

-b

>
> > So change the CMOS-settings so that the BIOS changes the boot order
> > from A, C, CD-ROM to C first instead. *grin* How long do you want
> > to keep playing Tic-Tac-Toe?
>
> Now, _that_ can be taken care of (custom boot code burnt into the thing)
>
> > Of course, using capabilities and totally disabling access to the raw
> > disk devices and to any I/O ports might be the solution, provided that
> > there are no bugs or thinkos in the capabilities code.
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> Please read the FAQ at http://www.tux.org/lkml/

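
The thread's argument is that disabling module support alone leaves root other routes to the kernel, and that capabilities would have to close those too. The following is an added example, not part of the original messages: it reads a process's capability bounding set and reports which of the relevant capabilities are still available. The `CapBnd` field of `/proc/<pid>/status` and the capability numbers are those of current Linux kernels (an assumption relative to the 2.4.0-test kernel under discussion), and the two sample status excerpts are constructed.

```python
import re

# Capability numbers from <linux/capability.h> on current kernels.
# Each one keeps open a route the thread mentions for a root user.
RISKY_CAPS = {
    9: "CAP_LINUX_IMMUTABLE",  # clear the immutable flag on the kernel image
    16: "CAP_SYS_MODULE",      # load kernel modules
    17: "CAP_SYS_RAWIO",       # I/O ports (ioperm/iopl), /dev/mem, /dev/port
    22: "CAP_SYS_BOOT",        # reboot into a modified kernel
    27: "CAP_MKNOD",           # recreate a device node for the raw disk
}

# Constructed samples: only CAP_SYS_MODULE dropped, then all five dropped.
SAMPLE_MODULES_ONLY = "Name:\tinit\nCapBnd:\t000001fffffeffff\n"
SAMPLE_HARDENED = "Name:\tinit\nCapBnd:\t000001fff7bcfdff\n"


def parse_capbnd(status_text):
    """Return the bounding set from /proc/<pid>/status text as an integer."""
    match = re.search(r"^CapBnd:\s*([0-9a-fA-F]+)\s*$", status_text, re.M)
    if match is None:
        raise ValueError("no CapBnd line in status text")
    return int(match.group(1), 16)


def remaining_risky(status_text):
    """List the risky capabilities still present in the bounding set."""
    bounding = parse_capbnd(status_text)
    return [name for bit, name in sorted(RISKY_CAPS.items())
            if bounding & (1 << bit)]


if __name__ == "__main__":
    for label, text in (("modules only", SAMPLE_MODULES_ONLY),
                        ("hardened", SAMPLE_HARDENED)):
        print(label, "->", remaining_risky(text) or "none remaining")
    try:
        with open("/proc/self/status") as fh:
            print("this process ->", remaining_risky(fh.read()) or "none remaining")
    except OSError:
        pass  # not on Linux, or /proc not mounted
```

A set with only `CAP_SYS_MODULE` removed still reports the other four, which is the point made in the quoted replies: closing the module route does not close the rest.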



This archive was generated by hypermail 2b29 : Thu Nov 23 2000 - 21:00:18 EST